On 10.08.2010 11:39, Lukasz Zalewski wrote:
> On 08/08/2010 12:44 AM, Michael Wood wrote:
>> On 7 August 2010 19:11, Nico Kadel-Garcia<nka...@gmail.com> wrote:
>>> On Mon, Aug 2, 2010 at 10:06 AM, Dave
>>> Thurston<dthurs...@comcast.net> wrote:
>>>> I have searched but I have yet to find a method to import users and
>>>> passwords from
>>>> a samba3/ldap system to samba4. Is there available a method of doing
>>>> this?
>>>
>>> Why do you need to import? Isn't the backend Kerberos and the account
>>> information sufficiently similar that you can simply switch over?
>>>
>>> (I ask as someone using Samba 3, eyeing Samba 4 with interest to get
>>> LDAP out of the hands of Active Directory.)
>>
>> By default Samba 4 uses its own built in LDAP server and the OpenLDAP
>> backend is currently not working properly.
>>
>> I have managed to migrate users from an Apple Open Directory server
>> (which is based on MIT Kerberos and OpenLDAP) to Samba 4, but I was
>> only using Open Directory for authentication of one service. No
>> machines joined to OD or anything like that.
>>
>> All I needed to do was dump the kerberos database, import it to
>> Heimdal, dump it from Heimdal again and then use the password hashes
>> from the Heimdal dump to create the necessary unicodePwd attributes in
>> Samba's directory. After that I used ldapsearch to get hold of the
>> groups each user was a member of and then used ldbmodify (or perhaps
>> ldapmodify. I can't remember now) to migrate them to Samba.
>>
>> I've never used Samba 3 as a PDC, so I'm not sure what the LDAP schema
>> looks like and how it differs from what Samba 4 uses, but as long as
>> the password hashes are in a compatible format, I imagine it's just a
>> matter of slapcat or ldapsearch, munging the results and then
>> ldbmodify to add the users to Samba 4.
>>
>> I don't know of an existing script to do this.
>>
> I have started writing a script that will pull account information
> (Users, Groups and Computers) from s3's ldap backend and import it to
> s4. It's still early days though. I'm pretty sure that there will be
> loads of hurdles to jump before it is in any usable state

I've something that's almost done for users, groups and computers.
It needs a lot of cleanup, then I'll commit it to master/example/*.

Currently the script 'myldap-pub.py' expects input.ldif hardcoded
(later we can also support ldap urls)

metze
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
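An added example of the "munge the export, then ldbmodify" step Michael Wood describes; it is not the script mentioned in the thread or any Samba project code. It assumes the Samba 3 export carries the NT hash as 32 hex digits in `sambaNTPassword`, that Samba 4 takes the raw 16-byte hash in `unicodePwd`, and that target accounts sit at the hypothetical DN `CN=<uid>,CN=Users,<base DN>`.

```python
import base64
import re

# Constructed sample of a Samba 3 LDAP export; not real account data.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
uid: alice
sambaNTPassword: 8846F7EAEE8FB117AD06BDD830B7586C

dn: uid=bob,ou=People,dc=example,dc=com
uid: bob
sambaNTPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

dn: uid=carol,ou=People,dc=example,dc=com
uid: carol
"""
NT_HASH = re.compile(r"[0-9A-Fa-f]{32}")  # 16 bytes, hex encoded

def parse_entries(ldif):
    """Simplified LDIF reader: single-valued, unfolded 'key: value' lines only."""
    for block in ldif.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                entry[key] = value.strip()
        yield entry

def to_samba4_ldif(ldif, base_dn):
    """Return (modify records, skipped uids). Output is password-equivalent:
    write it only to a file with the same protection as the directory itself."""
    records, skipped = [], []
    for entry in parse_entries(ldif):
        uid, nt_hex = entry.get("uid"), entry.get("sambaNTPassword", "")
        if not uid or not NT_HASH.fullmatch(nt_hex):
            skipped.append(uid)  # missing or malformed hash: needs a reset instead
            continue
        raw = bytes.fromhex(nt_hex)
        records.append(
            f"dn: CN={uid},CN=Users,{base_dn}\n"  # assumed DN layout
            "changetype: modify\n"
            "replace: unicodePwd\n"
            f"unicodePwd:: {base64.b64encode(raw).decode()}\n"  # '::' marks base64
        )
    return records, skipped

if __name__ == "__main__":
    recs, skipped = to_samba4_ldif(SAMPLE_LDIF, "DC=samdom,DC=example,DC=com")
    print("\n".join(recs))
    print("skipped:", skipped)
```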