List: fedora-directory-users
Subject: Re: [389-users] Migrating from openldap/slapd to 389
From: Mark Reynolds <mareynol () redhat ! com>
Date: 2015-05-14 15:09:05
Message-ID: 5554BA91.6030608 () redhat ! com
Hi Bobby,
See comments below...
On 05/14/2015 09:24 AM, Bobby Krupczak wrote:
> Hi!
>
> Hey, I'm sure you guys are tired of folks asking this question but
> I've spent the last day searching the InterWebs and still have
> questions.
>
> I'm fixing to switch from openldap/slapd to 389 for ldap
> authentication for linux and samba clients. I want to run the 389 dir
> service on the same system as slapd.
>
> - Is the switch as simple as turning on the 389 server, turning off
> slapd, and importing my user account objects into 389 via a ldif?
Sort of. You need to make sure that the 389 DS is correctly configured,
and the LDIF files are imported.
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Configuring_Directory_Databases.html#Configuring_Directory_Databases-Creating_and_Maintaining_Suffixes
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Configuring_Directory_Databases.html
>
> - If I'm only using slapd for "standard" login accounts and passwords,
> do I still need to import any schemas from slapd? (It looks like
> 389 has the same basic schemas)
This depends. An easy way to verify this is to just try to import the
LDIF(s). If you don't see any schema/objectclass errors then you know
you are good to go. You can check the errors log for this
(/var/log/dirsrv/slapd-INSTANCE/errors).
>
> - I've used slapcat and ldapsearch to create ldif files of my user
> objects. Do I need to munge these ldif entries in order to import
> them into 389?
You can specify multiple ldif files when using the ldif2db command:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Populating_Directory_Databases.html#Populating_Directory_Databases-Importing_Data
You might need to set access permission on your database as well (like
anonymous access, etc).
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Access_Control.html
>
> - I didn't see specific instructions for enabling and turning on the
> web admin interface for 389. Is it turned on automatically when I
> start 389 server?
This is the 389-admin/389-console package; it is separate from the
389-ds-base package.
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/admin-server.html
>
> - Is the switch transparent to linux/unix ldap clients or will I need
> to go re-configure them?
I'm not sure, I don't think you will need to do anything.
Regards,
Mark
>
> Thanks,
>
> Bobby
>
>
>
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
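An added example, not part of the original message and not code from the 389 project: before the trial import described above, this inventories which object classes, attribute types and userPassword storage schemes an exported LDIF relies on, so they can be compared with the target server's schema and password settings. The sample LDIF, its DNs and the "NO-PREFIX" label are constructed for illustration.

```python
import base64
import re
from collections import Counter

# Constructed sample in the shape of slapcat output (not from the thread).
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
description: a long value that the exporter folded onto
  a continuation line
userPassword:: e1NTSEF9YWJj
structuralObjectClass: inetOrgPerson

# second constructed entry, password stored without a scheme prefix
dn: uid=bob,ou=People,dc=example,dc=com
objectClass: posixAccount
userPassword: constructed-cleartext
"""

def unfold(text):
    """Join RFC 2849 folded lines: a continuation starts with one space."""
    return re.sub(r"\r?\n ", "", text)

def inventory(text):
    """Count object classes, attribute types and userPassword schemes."""
    classes, attrs, schemes = Counter(), Counter(), Counter()
    for line in unfold(text).splitlines():
        name, sep, rest = line.partition(":")
        attr = name.split(";")[0].lower()      # drop options such as ;binary
        if not sep or line.startswith("#") or attr in ("dn", "version"):
            continue
        if rest.startswith(":"):               # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        attrs[attr] += 1
        if attr == "objectclass":
            classes[value.lower()] += 1
        elif attr == "userpassword":
            m = re.match(r"\{([^}]+)\}", value)  # scheme prefix such as {SSHA}
            schemes[m.group(1).upper() if m else "NO-PREFIX"] += 1
    return {"objectclasses": dict(classes), "attributes": dict(attrs),
            "password_schemes": dict(schemes)}

if __name__ == "__main__":
    for section, counts in inventory(SAMPLE_LDIF).items():
        print(section, sorted(counts.items()))
```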