Migrating Linux Users to an LDAP Directory

Connect to each server:

ssh cloud_user@<PUBLIC_IP_OF_SERVER>

Provide the appropriate password from the lab interface.

On the LDAP Server

1. Check the version of LDAP that has been staged:

   slapd -VV
   

2. Verify the slapd daemon is running and active:

   sudo systemctl status slapd
   

3. Provide the cloud_user password for the LDAP server.

4. Search the existing LDAP database:

   ldapsearch -x -LLL -b dc=example,dc=com
   

On the LDAP Server

1. Generate an encrypted password:

   slappasswd
   

2. Copy the output from that command into the clipboard and save it.

3. Use a Linux text editor to add the encrypted password to the slapd configuration file:

   sudo vi /etc/openldap/slapd.d/cn=config/olcDatabase=\{2\}hdb.ldif
   

4. Change the line that starts with olcRootPW, replacing the existing string after the colon with the encrypted password you just copied.

5. After saving the configuration file, restart the service:

   sudo systemctl restart slapd
   

On the LDAP Server

1. Add a Linux user:

   sudo useradd <ANY_USER>
   

   sudo passwd <ANY_USER>
   

2. Respond with a password.

3. Grab the user and group lines from /etc/passwd and /etc/group, and output them to text files:

   grep <ANY_USER> /etc/passwd > ./passwd.txt
   

   grep <ANY_USER> /etc/group > ./group.txt
   

4. Use the migration utility to convert the Linux text into ldif format:

   /usr/share/migrationtools/migrate_passwd.pl ./passwd.txt ./passwd.ldif
   

   /usr/share/migrationtools/migrate_group.pl ./group.txt ./group.ldif
   

5. Look at the files you have created:

   cat ./passwd.ldif
   

   cat ./group.ldif
   

6. Add the ldif data to the directory:

   ldapadd -x -W -D "cn=Manager,dc=example,dc=com" -f ./passwd.ldif
   

   ldapadd -x -W -D "cn=Manager,dc=example,dc=com" -f ./group.ldif
   

7. Search the directory to determine the contents:

   ldapsearch -x cn=<ANY_USER> -b dc=example,dc=com
   

From the server configured as an LDAP client:

id <ANY_USER>