Kevin Ying ([EMAIL PROTECTED]) wrote:
> Mike, for those of us who are using OpenLDAP, can you describe some of
> what it takes to do a successful and reasonably seamless migration to
> iPlanet/Sun ONE?

Hi,
 I did it something like this. I had my mail server authenticating from
OpenLDAP with MD5 password hashes. I 'patched' Courier IMAP to intercept
the cleartext password after a successful authentication, and save it as
a single file named after the username with one line containing the
SHA hash of the cleartext password. Beware that you cannot use any sort
of salting in the hash.

 After I had SHA hashes for 95% of my users, I stopped mail at the
firewall (sendmail passthrough), exported my directory and shut it down
(since OpenLDAP does not support going into read-only mode). Then I used
some Perl to substitute the password hashes for each user with the new
SHA hashes. iPlanet can only authenticate users with crypt or SHA.
OpenLDAP can/could only authenticate with MD5, I believe. You may have
to put a passthrough mail queueing box in the middle, if you do not
already have one.

 I had already set up the iPlanet servers and made an example directory
and tested replication and ACLs, so that was not an issue. I loaded my
new LDIF file into the directory and dealt with any rejects that were
caused by schema differences by using Perl.

 All in all, it took about two hours' time.

-- 
Mike
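
The hash-substitution step described in the message above, as an added example in Python; it is not the Perl from the original post. It assumes each captured value is the hex form of an unsalted SHA-1 digest and that entries are keyed by a `uid` attribute; the function names and the sample data are hypothetical.

```python
import base64
import hashlib

def unfold(ldif_text):
    """Join LDIF continuation lines (a line starting with one space)."""
    lines = []
    for line in ldif_text.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    return lines

def sha_value(hex_digest):
    """Unsalted SHA-1 hex digest -> '{SHA}' + base64 of the raw 20 bytes."""
    raw = bytes.fromhex(hex_digest.strip())
    if len(raw) != 20:
        raise ValueError("expected a 20-byte SHA-1 digest")
    return "{SHA}" + base64.b64encode(raw).decode("ascii")

def swap_hashes(ldif_text, captured):
    """Swap plain (':') or base64 ('::') userPassword values for captured
    users; return (rewritten LDIF, uids left with their old hash)."""
    entries, missing = [], []
    for block in "\n".join(unfold(ldif_text)).split("\n\n"):
        lines = [l for l in block.split("\n") if l]
        uid = next((l[4:].strip() for l in lines if l.lower().startswith("uid: ")), None)
        old = [l for l in lines if l.lower().startswith("userpassword:")]
        if uid in captured:
            lines = [l for l in lines if l not in old]
            lines.append("userPassword: " + sha_value(captured[uid]))
        elif uid and old:
            missing.append(uid)
        if lines:
            entries.append("\n".join(lines))
    return "\n\n".join(entries) + "\n", missing

# Constructed sample data: two made-up users, only one with a captured hash.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
uid: alice
userPassword:: e01ENX1YMDNNTzFxblpkWWRn
 eWZldUlMUG1RPT0=

dn: uid=bob,ou=People,dc=example,dc=com
uid: bob
userPassword: {MD5}X03MO1qnZdYdgyfeuILPmQ==
"""
CAPTURED = {"alice": hashlib.sha1(b"password").hexdigest()}
```

The second return value lists the accounts that never authenticated during the capture window, so they can be handled with a password reset after the cutover.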
