Unflushed Buffers

Log files of a mindspace daemon

Apr 16

OpenLDAP Migration (Part 2 - Install and local accounts)

Installation (Ubuntu)

Forget about doing all the dirty work, others have done it for you. I’m using Ubuntu Linux (gutsy), and there are packages to help. I’m installing the directory on the same server as my main file server (NFS and Samba), but it can be moved to a standalone system if I need to scale up. This server also runs apache2 and php5, and since I will use a web app to admin the directory these are required as well. Installing the packages below will also install apache+php if needed:

apt-get install ldapscripts ldap-utils migrationtools slapd phpldapadmin

Answer the questions it gives you as best you can - you can always reconfigure with

dpkg-reconfigure slapd

Now you’re pretty much done. The questions dpkg asks set up a superuser account on the directory in the form of

cn=admin,dc=scriptforge,dc=org

Now before we go further, take a look at /etc/ldap/slapd.conf and get an idea of what options you can set here and what is set in the directory.

Next take a look and make sure slapd and apache are running with a bit of ps ax action. Apache is for the phpldapadmin package to help you manage the directory.

Open a browser to http://servername.or.ip.address/phpldapadmin and login with the superuser account above (modified for your own domain) and password you set during the dpkg config process. Take a look around at an empty directory.

Migration of the Local Accounts

See the migrationtools package installed earlier - it provides a series of scripts to get you started with the migration. This way you hardly deal with LDIF files at all, and there is minimal fuss on the command line. The scripts take data from /etc (like /etc/passwd and /etc/group) and put it in the directory.

These scripts are in /usr/share/migrationtools, so cd to that directory and get ready to run some commands. First you need to edit migrate_common.ph and look for $DEFAULT_MAIL_DOMAIN and $DEFAULT_BASE, which you will need to change to match your own domain.

Then we run the script

./migrate_all_online.sh

It will ask you for your server name or IP address, and the user/password (called credentials) to log in with. It also asks whether you want a DUAConfigProfile created - choose no here.

Running the migration will take mere seconds but may come up with errors. I found it did this because dpkg or the package itself was created with some default tree and it was trying to recreate nodes that already existed. If this is the case, go to your browser and the phpldapadmin web app and delete each entry at the top of the tree, except the one about the admin, and then run the migration script again with an empty tree. I also had a problem migrating /etc/aliases, but since this isn’t my mail server I simply deleted that file as it’s not used on the server, deleted the tree nodes so it was empty and tried again.

After the migration is complete, look through the tree in the browser and see how the migration tools organised your data.

You should see all your user accounts in ou=People, groups in ou=Group, and so on. Wow, almost painless. There are some command line tools for browsing the tree, ldapsearch being one of those. Give it a try and search the directory.

So we have a directory server, and some accounts in there. It’s probably not secure, or organised, and ALL your groups and accounts are in there. Not every server needs bin, sys, daemon, news or mail users/groups, but this is where having a list of what you want migrated comes in handy. You can start pruning the nodes you don’t want to replicate across the network.
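As an added example (not from the original post or the migrationtools package), here is a small POSIX shell script covering both the ldapsearch browsing mentioned above and the pruning of system accounts: it pulls the migrated ou=People entries from the server, then prints the DNs of any posixAccount with a uidNumber below 1000 that is not on a keep list, so you can review them before deleting anything. The base DN dc=scriptforge,dc=org and the cn=admin superuser are the post’s own; the hostname ldap.example.invalid, the keep list and the sample LDIF are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the original post: find migrated entries in
# ou=People that look like system accounts so they can be pruned before
# anything replicates across the network.

BASE="dc=scriptforge,dc=org"        # from the post
LDAP_HOST="ldap.example.invalid"    # assumed; replace with your server
KEEP="root"                         # space-separated uids to keep even if below the cutoff

# Fetch the migrated people entries (simple bind as the dpkg-created superuser).
fetch_people() {
    ldapsearch -x -H "ldap://$LDAP_HOST" -D "cn=admin,$BASE" -W \
        -b "ou=People,$BASE" '(objectClass=posixAccount)' dn uid uidNumber
}

# Read LDIF on stdin; print the DN of every entry whose uidNumber is below the
# cutoff (default 1000) and whose uid is not in KEEP.
system_account_dns() {
    cutoff="${1:-1000}"
    awk -v cutoff="$cutoff" -v keep="$KEEP" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) keepset[k[i]] = 1 }
        # Emit the entry collected so far if it qualifies, then reset.
        function flush() {
            if (dn != "" && uidnum != "" && uidnum + 0 < cutoff && !(uid in keepset)) print dn
            dn = ""; uid = ""; uidnum = ""
        }
        /^dn: /        { flush(); dn = substr($0, 5) }
        /^uid: /       { uid = substr($0, 6) }
        /^uidNumber: / { uidnum = substr($0, 12) }
        /^$/           { flush() }
        END            { flush() }
    '
}

# Constructed sample of what the migration scripts typically create (not real data).
SAMPLE_LDIF='dn: uid=root,ou=People,dc=scriptforge,dc=org
uid: root
uidNumber: 0

dn: uid=daemon,ou=People,dc=scriptforge,dc=org
uid: daemon
uidNumber: 1

dn: uid=news,ou=People,dc=scriptforge,dc=org
uid: news
uidNumber: 9

dn: uid=alice,ou=People,dc=scriptforge,dc=org
uid: alice
uidNumber: 1000
'

# Stand-alone demo on the constructed sample; against a live server use
#   fetch_people | system_account_dns > prune-dns.txt
if [ "${1:-}" = "--demo" ]; then
    printf '%s' "$SAMPLE_LDIF" | system_account_dns
fi
```

Run it with `--demo` to see the constructed sample filtered (root is kept, daemon and news are listed, alice is above the cutoff). Once you have read through a real prune-dns.txt and are happy with it, the same list can be fed to `ldapdelete -x -H ldap://yourserver -D "cn=admin,dc=scriptforge,dc=org" -W -f prune-dns.txt`; keeping the review step separate from the delete is the point, since the migration tools happily copy every account in /etc/passwd.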

Next we try to get a Linux desktop client to start authenticating to the directory…


1 Comment so far

  1. [...] Part Two - Deploy OpenLDAP and migrate local accounts (Ubuntu Linux) [...]
