хранение_учетных_записей_unix_в_ldap [2021/01/13 20:09] val [Использование migrationtools] |
хранение_учетных_записей_unix_в_ldap [2021/01/14 11:56] val |
Line 14: | Line 14: | ||
* [[http://oav.net/mirrors/LDAP-ObjectClasses.html|Common LDAP schemas]] | * [[http://oav.net/mirrors/LDAP-ObjectClasses.html|Common LDAP schemas]] | ||
- | ==== Импорт данных про организацию ==== | + | ==== Импорт данных про организацию и структуру ==== |
- | === Debian/Ubuntu === | + | !!! Объект dc=corpX,dc=un создается автоматически при инсталляции из dcObject наследуется атрибут dc, из organization наследуется атрибут o |
- | + | ||
- | !!! Объект dc=corpX,dc=un создается автоматически при инсталляции !!! | + | |
- | + | ||
- | === FreeBSD === | + | |
<code> | <code> | ||
server# cat organization.ldif | server# cat organization.ldif | ||
</code><code> | </code><code> | ||
- | dn: dc=corpX,dc=un | + | #dn: dc=corpX,dc=un |
- | objectClass: dcObject | + | #objectClass: dcObject |
- | objectClass: organization | + | #objectClass: organization |
- | o: Corporation X | + | #o: Corporation X |
- | dc: corpX | + | #dc: corpX |
- | </code> | + | |
- | Из dcObject наследуется атрибут dc | + | dn: ou=People,dc=corpX,dc=un |
- | + | objectClass: organizationalUnit | |
- | Из organization наследуется атрибут o | + | ou: People |
+ | dn: ou=Group,dc=corpX,dc=un | ||
+ | objectClass: organizationalUnit | ||
+ | ou: Group | ||
+ | </code> | ||
<code> | <code> | ||
server# ldapadd -x -D "cn=admin,dc=corpX,dc=un" -w secret -f organization.ldif | server# ldapadd -x -D "cn=admin,dc=corpX,dc=un" -w secret -f organization.ldif | ||
- | </code> | ||
- | |||
- | ==== Импорт данных описывающих структуру организации ==== | ||
- | <code> | ||
- | server# cat orgstructure.ldif | ||
- | </code><code> | ||
- | dn: ou=users,dc=corpX,dc=un | ||
- | objectClass: organizationalUnit | ||
- | ou: users | ||
- | |||
- | dn: ou=groups,dc=corpX,dc=un | ||
- | objectClass: organizationalUnit | ||
- | ou: groups | ||
- | </code><code> | ||
- | server# ldapadd -x -D "cn=admin,dc=corpX,dc=un" -w secret -f orgstructure.ldif | ||
</code> | </code> | ||
Line 69: | Line 53: | ||
server# cat passwdgroup.ldif | server# cat passwdgroup.ldif | ||
</code><code> | </code><code> | ||
- | dn: cn=user1,ou=groups,dc=corpX,dc=un | + | dn: cn=user1,ou=Group,dc=corpX,dc=un |
objectClass: posixGroup | objectClass: posixGroup | ||
cn: user1 | cn: user1 | ||
gidnumber: 10001 | gidnumber: 10001 | ||
- | dn: cn=user2,ou=groups,dc=corpX,dc=un | + | dn: cn=user2,ou=Group,dc=corpX,dc=un |
objectClass: posixGroup | objectClass: posixGroup | ||
cn: user2 | cn: user2 | ||
gidnumber: 10002 | gidnumber: 10002 | ||
- | dn: uid=user1,ou=users,dc=corpX,dc=un | + | dn: uid=user1,ou=People,dc=corpX,dc=un |
objectClass: inetOrgPerson | objectClass: inetOrgPerson | ||
objectClass: posixAccount | objectClass: posixAccount | ||
Line 92: | Line 76: | ||
userpassword: * | userpassword: * | ||
- | dn: uid=user2,ou=users,dc=corpX,dc=un | + | dn: uid=user2,ou=People,dc=corpX,dc=un |
objectClass: inetOrgPerson | objectClass: inetOrgPerson | ||
objectClass: posixAccount | objectClass: posixAccount | ||
Line 105: | Line 89: | ||
userpassword: * | userpassword: * | ||
- | dn: cn=group1,ou=groups,dc=corpX,dc=un | + | dn: cn=group1,ou=Group,dc=corpX,dc=un |
cn: group1 | cn: group1 | ||
gidNumber: 15001 | gidNumber: 15001 | ||
Line 124: | Line 108: | ||
==== Удаление информации из ldap каталога ==== | ==== Удаление информации из ldap каталога ==== | ||
<code> | <code> | ||
- | server# ldapdelete -x -D "cn=admin,dc=corpX,dc=un" -w secret "uid=user1,ou=users,dc=corpX,dc=un" | + | server# ldapdelete -x -D "cn=admin,dc=corpX,dc=un" -w secret "uid=user1,ou=People,dc=corpX,dc=un" |
</code> | </code> | ||
Line 133: | Line 117: | ||
server:~# cat addmailphone.ldif | server:~# cat addmailphone.ldif | ||
</code><code> | </code><code> | ||
- | dn: uid=user1,ou=users,dc=corpX,dc=un | + | dn: uid=user1,ou=People,dc=corpX,dc=un |
changetype: modify | changetype: modify | ||
add: telephoneNumber | add: telephoneNumber | ||
telephoneNumber: 401 | telephoneNumber: 401 | ||
- | dn: uid=user1,ou=users,dc=corpX,dc=un | + | dn: uid=user1,ou=People,dc=corpX,dc=un |
changetype: modify | changetype: modify | ||
add: mail | add: mail | ||
mail: user1@corpX.un | mail: user1@corpX.un | ||
- | dn: uid=user2,ou=users,dc=corpX,dc=un | + | dn: uid=user2,ou=People,dc=corpX,dc=un |
changetype: modify | changetype: modify | ||
add: telephoneNumber | add: telephoneNumber | ||
telephoneNumber: 402 | telephoneNumber: 402 | ||
- | dn: uid=user2,ou=users,dc=corpX,dc=un | + | dn: uid=user2,ou=People,dc=corpX,dc=un |
changetype: modify | changetype: modify | ||
add: mail | add: mail | ||
Line 235: | Line 219: | ||
# apt install migrationtools | # apt install migrationtools | ||
- | # diff migrate_common.ph /etc/migrationtools/migrate_common.ph | + | # cat /etc/migrationtools/migrate_common.ph |
</code><code> | </code><code> | ||
- | 58c58 | + | ... |
- | < $NAMINGCONTEXT{'passwd'} = "ou=People"; | + | $DEFAULT_MAIL_DOMAIN = "corp13.un"; |
- | --- | + | ... |
- | > $NAMINGCONTEXT{'passwd'} = "ou=users"; | + | $DEFAULT_BASE = "dc=corp13,dc=un"; |
- | 61c61 | + | ... |
- | < $NAMINGCONTEXT{'group'} = "ou=Group"; | + | $EXTENDED_SCHEMA = 1; |
- | --- | + | ... |
- | > $NAMINGCONTEXT{'group'} = "ou=groups"; | + | $IGNORE_UID_BELOW = 1000; |
- | 71c71 | + | $IGNORE_GID_BELOW = 1000; |
- | < $DEFAULT_MAIL_DOMAIN = "padl.com"; | + | ... |
- | --- | + | $IGNORE_UID_ABOVE = 65500; |
- | > $DEFAULT_MAIL_DOMAIN = "corpX.un"; | + | $IGNORE_GID_ABOVE = 65500; |
- | 74c74 | + | ... |
- | < $DEFAULT_BASE = "dc=padl,dc=com"; | + | |
- | --- | + | |
- | > $DEFAULT_BASE = "dc=corpX,dc=un"; | + | |
- | 96,97c96,97 | + | |
- | < #$IGNORE_UID_BELOW = 1000; | + | |
- | < #$IGNORE_GID_BELOW = 100; | + | |
- | --- | + | |
- | > $IGNORE_UID_BELOW = 1000; | + | |
- | > $IGNORE_GID_BELOW = 1000; | + | |
- | 100,101c100,101 | + | |
- | < #$IGNORE_UID_ABOVE = 9999; | + | |
- | < #$IGNORE_GID_ABOVE = 9999; | + | |
- | --- | + | |
- | > $IGNORE_UID_ABOVE = 65500; | + | |
- | > $IGNORE_GID_ABOVE = 65500; | + | |
</code><code> | </code><code> | ||
# ln -s /etc/migrationtools/migrate_common.ph /etc/perl/migrate_common.ph | # ln -s /etc/migrationtools/migrate_common.ph /etc/perl/migrate_common.ph | ||
- | # /usr/share/migrationtools/migrate_group.pl /etc/group | + | # /usr/share/migrationtools/migrate_passwd.pl /etc/passwd | tee users.ldif |
+ | !!! удалить все про krb5 | ||
- | # /usr/share/migrationtools/migrate_passwd.pl /etc/passwd | + | # ldapadd -x -D "cn=admin,dc=corpX,dc=un" -w secret -f users.ldif |
- | !!! оставить только | + | |
- | objectClass: inetOrgPerson | + | # /usr/share/migrationtools/migrate_group.pl /etc/group | tee groups.ldif |
- | objectClass: posixAccount | + | |
- | добавить атрибут | + | |
- | sn: ... | + | |
- | удалить атрибуты | + | |
- | shadow... | + | |
+ | # ldapadd -x -D "cn=admin,dc=corpX,dc=un" -w secret -f groups.ldif | ||
</code> | </code> |
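Review bot: The new migrate_common.ph excerpt sets `$DEFAULT_MAIL_DOMAIN = "corp13.un";` and `$DEFAULT_BASE = "dc=corp13,dc=un";` while every other DN on the page, including the added `# ldapadd -x -D "cn=admin,dc=corpX,dc=un" -w secret -f users.ldif`, uses dc=corpX,dc=un, so the entries migrate_passwd.pl generates would be placed under a base that the page's admin DN is not shown to manage; if corpX is the page-wide placeholder, `$DEFAULT_BASE = "dc=corpX,dc=un";` and `$DEFAULT_MAIL_DOMAIN = "corpX.un";` keep the example consistent. The replaced hint ("оставить только … удалить атрибуты shadow…") is now reduced to removing krb5 data, but if migrate_passwd.pl is run as root it can typically read /etc/shadow and the users.ldif written by tee then carries password hashes under the caller's default umask, so the note should still tell the reader to strip or protect those values (for example `umask 077` before running the tee, and removing users.ldif after the import). Passing the manager password as `-w secret` on the new ldapadd lines leaves it in shell history and process listings; `-W` (prompt) or `-y <password-file>` avoids that.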