
Draft script to migrate LDAP entries from Etch to Lenny



Bjarne at Skolelinux Drift asked me how to migrate the LDAP database
from Etch to Lenny, and one approach I would like to test is to write
a script that connects to both LDAP databases, and let it read from
one and insert into another.

I've written a draft script, but am unsure if there is more than
users, groups, netgroups and automounts that should be copied, and if
there are some transformations that should be done on the LDAP
objects.  User, group and netgroup objects seem to be identical in
Etch and Lenny, but I am unsure if other objects have changed.

Perhaps instead just all objects not already in the Lenny database
should be copied instead of limiting it to only some objectclasses?

Anyway, here is a draft script.  Completely untested, and with
hardcoded host names and password strings.  I very much welcome
feedback on the approach.


#!/usr/bin/perl
#
# Script to migrate LDAP objects from a Debian Edu Etch database to a
# Lenny database.
#
# The user and group objects in Etch and Lenny are identical, so no
# editing is required to migrate these.
#
# http://quark.humbug.org.au/publications/ldap/ldap_tut.html

use strict;
use warnings;

use Net::LDAP;
use Data::Dumper;

my $etchserver = "localhost"; # drift.slxdrift.no
my $lennyserver = "localhost";

my $base = "dc=skole,dc=skolelinux,dc=no";
my $manager = "cn=admin,ou=People,$base";
my $password = 'secret';

my $uid = "test";

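my $ldapetch = Net::LDAP->new($etchserver)
    or die "Can't connect to ldap server $etchserver: $@\n";
my $mesg = $ldapetch->bind;
$mesg->code && die "Anonymous bind to $etchserver failed: ", $mesg->error, "\n";


my $ldaplenny = Net::LDAP->new($lennyserver)
    or die "Can't connect to ldap server $lennyserver: $@\n";
# Refuse to continue without TLS, otherwise the admin password below
# would be sent in clear text.
$mesg = $ldaplenny->start_tls();
$mesg->code && die "start_tls on $lennyserver failed: ", $mesg->error, "\n";
$mesg = $ldaplenny->bind(
		 dn       => $manager,
		 password => $password,
		 );
$mesg->code && die "Bind as $manager failed: ", $mesg->error, "\n";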

migrate_users($ldapetch, $ldaplenny);
migrate_groups($ldapetch, $ldaplenny);

$ldaplenny->unbind;
$ldapetch->unbind;

sub copy_ldap_objects {
    my ($ldapetch, $ldaplenny, $filter) = @_;

    my($mesg) = $ldapetch->search( base => $base, filter => $filter);

    $mesg->code && die $mesg->error;

    foreach my $entry ($mesg->all_entries) {
	$entry->dump;
#	print Dumper($entry);

	my $dn = $entry->dn;

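	# The DN is not a searchable attribute, so look the entry up with
	# a base-scope search on the DN itself, whatever its objectclass.
	print "F: $dn\n";
	my $mesg = $ldaplenny->search( base => $dn, scope => 'base',
				       filter => '(objectclass=*)');

	# Result code 32 (noSuchObject) means the entry is missing; any
	# other error must not be mistaken for a missing entry.
	$mesg->code && $mesg->code != 32 && die $mesg->error;

	my $exist = 0 < $mesg->count;
	if (!$exist) {
	    # Entries read from a search have changetype 'modify', so use
	    # add() and not update() to create them on the Lenny server.
	    #my $result = $ldaplenny->add($entry);
	    #$result->code && warn "failed to add entry: ", $result->error;
	    print "Want to add LDAP object:\n";
	    $entry->dump;
	} else {
	    print "Object for $dn exists, not adding\n";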
	}

    }
}

sub migrate_users {
    my ($ldapetch, $ldaplenny) = @_;
    copy_ldap_objects($ldapetch, $ldaplenny, '(objectclass=posixAccount)');
}

sub migrate_groups {
    my ($ldapetch, $ldaplenny) = @_;
    copy_ldap_objects($ldapetch, $ldaplenny, '(objectclass=posixGroup)');
}

sub migrate_netgroups {
    my ($ldapetch, $ldaplenny) = @_;
    copy_ldap_objects($ldapetch, $ldaplenny, '(objectclass=nisNetgroup)');
}

sub migrate_automounts {
    my ($ldapetch, $ldaplenny) = @_;
    copy_ldap_objects($ldapetch, $ldaplenny, '(objectclass=automount)');
}

Happy hacking,
-- 
Petter Reinholdtsen
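
The alternative raised in the post, copying every object not already in the Lenny database, sketched as an added example that is not part of the original message: a dry-run planner that compares normalised DNs and orders the missing ones parents first. The sub names dn_key, dn_depth and plan_adds and the sample DNs are constructed for illustration; in the script the two lists would come from the dn of each entry returned by a search on either server.

```perl
#!/usr/bin/perl
# Added example, not from the original post: dry-run planner for
# "copy every object that is not already in the Lenny database".
use strict;
use warnings;
use Net::LDAP::Util qw(canonical_dn ldap_explode_dn);

# Comparison key for a DN. DNs compare case-insensitively and may differ
# in spacing around separators, so normalise before comparing.
sub dn_key {
    my ($dn) = @_;
    my $canon = canonical_dn($dn, casefold => 'lower');
    die "Malformed DN: $dn\n" unless defined $canon;
    return lc $canon;
}

# Number of RDNs in a DN; a parent always has fewer than its children.
sub dn_depth {
    my ($dn) = @_;
    return scalar @{ ldap_explode_dn($dn) };
}

# Source DNs that are missing from the target, parents first, so that
# every add finds its parent entry already in place.
sub plan_adds {
    my ($source_dns, $target_dns) = @_;
    my %have    = map  { ( dn_key($_) => 1 ) } @$target_dns;
    my @missing = grep { !$have{ dn_key($_) } } @$source_dns;
    my @ordered = sort { dn_depth($a) <=> dn_depth($b)
                         or dn_key($a) cmp dn_key($b) } @missing;
    return @ordered;
}

# Constructed sample DNs standing in for the two search results.
my $base  = "dc=skole,dc=skolelinux,dc=no";
my @etch  = ("uid=test,ou=People,$base", "ou=Extra,$base",
             "cn=admin,ou=People,$base", "cn=staff,ou=Extra,$base");
my @lenny = ("CN=admin, OU=People, DC=skole, DC=skolelinux, DC=no");

print "Would add: $_\n" for plan_adds(\@etch, \@lenny);
```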

