Migrating Linux Users to an LDAP Directory

4 hours
  • 5 Learning Objectives

About this Hands-on Lab

In this lab, we go through the process of adding a Linux user and then using a migrate utility to create an LDIF file that facilitates the use of the `ldapadd` command to add the user to an LDAP directory.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Connect to the LDAP Server and the Linux Server

Connect to each server:

ssh cloud_user@<PUBLIC_IP_OF_SERVER>

Provide the appropriate password from the lab interface.

Verify the Installation of LDAP on the LDAP Server

On the LDAP Server

  1. Check the version of LDAP that has been staged:

    slapd -VV
  2. Verify the slapd daemon is running and active:

    sudo systemctl status slapd
  3. Provide the cloud_user password for the LDAP server.

  4. Search the existing LDAP database:

    ldapsearch -x -LLL -b dc=example,dc=com
Set the Password for the LDAP Server

On the LDAP Server

  1. Generate an encrypted password:

  2. Copy the output from that command into the clipboard and save it.

  3. Use a Linux text editor to add the encrypted password to the slapd configuration file:

    sudo vi /etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif
  4. Change the line that starts with olcRootPW, replacing the existing string after the colon with the encrypted password you just copied.

  5. After saving the configuration file, restart the service:

    sudo systemctl restart slapd
Add a Linux User and Migrate the User to LDAP

On the LDAP Server

  1. Add a Linux user:

    sudo useradd <ANY_USER>
    sudo passwd <ANY_USER>
  2. Respond with a password.

  3. Grab the user and group lines from /etc/passwd and /etc/group, and output them to text files:

    grep <ANY_USER> /etc/passwd > ./passwd.txt
    grep <ANY_USER> /etc/group > ./group.txt
  4. Use the migration utility to convert the Linux text into ldif format:

    /usr/share/migrationtools/migrate_passwd.pl ./passwd.txt ./passwd.ldif
    /usr/share/migrationtools/migrate_group.pl ./group.txt ./group.ldif
  5. Look at the files you have created:

    cat ./passwd.ldif
    cat ./group.ldif
  6. Add the ldif data to the directory:

    ldapadd -x -W -D "cn=Manager,dc=example,dc=com" -f ./passwd.ldif
    ldapadd -x -W -D "cn=Manager,dc=example,dc=com" -f ./group.ldif
  7. Search the directory to determine the contents:

    ldapsearch -x cn=<ANY_USER> -b dc=example,dc=com
Verify the User You Added Is Available from the LDAP Client

From the server configured as an LDAP client:


Additional Resources

Basic familiarity with Linux commands and a Linux text editor is required.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?