[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ldap/lwat test

På Wed, 15 Aug 2007 04:40:02 +0200, skrev nigel barker <tech@hiroshima-is.ac.jp>:

I would like to know the solution when you find it. When you are successful, would you mind writing a howto for transferring users from a skolelinux 2 tjener to a new skolelinux 3 tjener?



Don't know if you have some machine to test on, but here is what I have done so far. You should only use this for testing purposes.

This is not necessarily the right way, and may cause errors for what I know, but this worked fine for me:

Backup the old ldap:

# mkdir /var/backups/ldif
# /etc/init.d/slapd stop
# /etc/init.d/nscd stop
# /usr/sbin/slapcat -l /var/backups/ldif/ldifbackup.ldif
# /etc/init.d/slapd start
# /etc/init.d/nscd start

You shold now have a ldif backup in /var/backups/ldif/ Copy this to some removeable storage device. Then bring the ldif file to your newly installed server. The rest is done after installing DebianEdu 3.0.

Since I had done some testing with ldap, I moved away everything in ldap with:

# rm -rf /var/lib/ldap/*

Then got a fresh and clean ldap:

# ldap-debian-edu-install

When I tried to add my ldif file, the users would not become members of groups already excisting, e.g. groups teachers and students. Since, as far as I know, you can not use lwat to add several users to a group at once, this would be quite timeconsuming. A workaround was to restart slapd and nscd, then use lwat to remove the groups teachers, students and machines, and then stop slapd and nscd again. I guess you could do this from commandline as well. This step should not be necessary, but maybe my ldif file is not corresponding to good with my new ldap.

Then I added my ldif file using slapadd:

# slapadd -v -c -l ldifbackup.ldif -f /etc/ldap/slapd.conf

Then i did restart slapd and nscd.

# getent passwd

returns all my users

# getent group |grep teach

returns all the teachers in school correctly.

Windows (samba) machines works mostly still, but there seems to be some issues. Sometimes they can't get in touch with ldapserver. I have not investigated this any further.

Good luck
Bjarne Nielsen

Reply to: