-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 22 Jan 2003, Ronan Waide wrote:
> On January 22, [EMAIL PROTECTED] said: > > i made some minor changes to the migrationtools to work properly. (some > > atrribute types are spelled wrong) > > What changes? Seems like it might be worthwhile telling the people on > this list, if not the people at padl, about the errors. > if you set EXTENDED_SCHEMA=1 in migrate_common.ph you will get some attribute conflicts and some missed attributes.. okay, here is a short diff of the affected file: - --> - --- MigrationTools-44/migrate_passwd.pl Sat Jul 6 23:06:45 2002 +++ MigrationTools-44_mod/migrate_passwd.pl Tue Dec 17 17:47:12 2002 @@ -122,19 +122,20 @@ if ($DEFAULT_MAIL_HOST) { print $HANDLE "mailRoutingAddress: $user\@$DEFAULT_MAIL_HOST\n"; print $HANDLE "mailHost: $DEFAULT_MAIL_HOST\n"; - - print $HANDLE "objectClass: mailRecipient\n"; +# print $HANDLE "objectClass: mailRecipient\n"; } print $HANDLE "objectClass: person\n"; print $HANDLE "objectClass: organizationalPerson\n"; print $HANDLE "objectClass: inetOrgPerson\n"; } - - print $HANDLE "objectClass: account\n"; +# print $HANDLE "objectClass: account\n"; + print $HANDLE "objectClass: inetLocalMailRecipient\n"; print $HANDLE "objectClass: posixAccount\n"; print $HANDLE "objectClass: top\n"; if ($DEFAULT_REALM) { - - print $HANDLE "objectClass: kerberosSecurityObject\n"; + print $HANDLE "objectClass: krb5Principal\n"; } if ($shadowUsers{$user} ne "") { @@ -144,7 +145,7 @@ } if ($DEFAULT_REALM) { - - print $HANDLE "krbName: $user\@$DEFAULT_REALM\n"; + print $HANDLE "krb5PrincipalName: $user\@$DEFAULT_REALM\n"; } if ($shell) { <-- this works perfect for me, but i think it is only necessary if you want to use EXTENDED_SCHEMA=1 (for integrating mail and kerberos information in yous ldap-tree) i will try to explain shortly whats wrong in the original. hope i will remeber right.. 1. you need 'objectClass: inetLocalMailRecipient' to use 'mailHost: ' and 'mailRoutingAddress: ' but this conflicts with 'objectClass: account' so you must disable/comment out this line. 2. i searched the whole net for a schema file with 'objectClass: kerberosSecurityObject' and 'krb5PrincipalName: ' in it, but i've found exactly nothing!! so decided to replace it with the krb5 stuff from krb5-kdc.schema. you can see it in the diff above. here is an example user-account out of my ldap-tree: - --> dn: uid=tuser,ou=People,dc=xxx,dc=yy cn: Test User telephoneNumber: +22(22)222-22222 roomNumber: Test User Room givenName: Test sn: User mail: [EMAIL PROTECTED] mailRoutingAddress: [EMAIL PROTECTED] mailHost: smtp.xxx.yy objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: inetLocalMailRecipient objectClass: posixAccount objectClass: top objectClass: krb5Principal objectClass: sambaAccount userPassword: {crypt}XxXxXxXxXx krb5PrincipalName: [EMAIL PROTECTED] loginShell: /bin/csh uidNumber: 12345 gidNumber: 1234 homeDirectory: /home/tuser gecos: Test User for LDAP uid: tuser pwdLastSet: 999999999 logonTime: 0 logoffTime: 999999999 kickoffTime: 999999999 pwdCanChange: 0 pwdMustChange: 999999999 rid: 12345 primaryGroupID: 1234 homeDrive: H: smbHome: \\SAMBA_SERVER\tuser profilePath: \\SAMBA_SERVER\profiles\tuser scriptPath: logon.bat description: Test User displayName: Test User lmPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ntPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX acctFlags: [U ] <-- hope that helps a litlle bit. joerg btw. i used the Migrationtools version 44. i don't know if there is a later version wich is already corrected. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE+LpxgSPOsGF+KA+MRAoO1AJ40g3Y1O4gCtM7jjiwlmpPK/+i1swCdEoHW eoGC9vsvxiSHUX2maRv/8hY= =d+jm -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba