Re: General LDAP question concerning passwords.

john guardian · ‎04-16-2011

I found the below text at another site. It suggests that the /etc/passwd file is used to create an LDAP password file. Can anyone tell me what the name and path of this file is?

Thx.

============================================
The LDAP-UX package comes with a migration script which creates an ldif file from the /etc/passwd file. The ldif file can be inserted into the directory with the ldap client tools. After inserting the user accounts into the directory, ldapsearch can be used for verifying that the accounts are found in LDAP.
/opt/ldapux/migrate/migrate_passwd.pl /etc/passwd ./passwd.ldif /opt/ldapux/bin/ldapmodify -a -h localhost -D cn=root -w secret -f passwd.ldif /opt/ldapux/bin/ldapsearch -b ou=People,o=ssh.com objectclass=*
=============================================

Matti_Kurkela · ‎04-17-2011

> /opt/ldapux/migrate/migrate_passwd.pl /etc/passwd ./passwd.ldif

This command will produce a passwd.ldif file to the current working directory. The passwd.ldif file will contain the password information in a format that is suitable for entering into a LDAP directory.

> /opt/ldapux/bin/ldapmodify -a -h localhost -D cn=root -w secret -f passwd.ldif

This command applies the contents of the passwd.ldif file to a LDAP directory server. In this example, the LDAP server is assumed to be on localhost.

The LDAP-UX package is just a client: it does not include any LDAP directory server software at all, and is not functional without a LDAP server. You'll need to install your LDAP server separately. If you don't have one, perhaps you might wish to download the free RedHat Directory Server for HP-UX? It's available from software.hp.com:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=RHDirSvr

Without knowing which LDAP server implementation you've chosen and how you've configured it, it is not possible to know the name of the file that will ultimately contain the password information.

MK

MK

Aneesh Mohan · ‎04-18-2011

Hi,

Local User migration to HP ldap directory.
=======================================

1) cp /etc/passwd /tmp/passwd

2) Remove all the lines in /etc/passwd except the one you are migrating

3) export LDAP_BASEDN="ou=xxx,o=xxxx.com"

5) /opt/ldapux/migrate /tmp/passwd /tmp/passwd.ldif

6) edit /tmp/passwd.ldif and update new uid and also confirm the "DN"

7) Migrate the user in to LDAP
/opt/ldapux/bin
ldapmodify â a â h ldapserver â D â cn=xxxxxâ â w password â f /tmp/passwd.ldif

8)Edit /etc/passwd using vipw and delete the account which you migrated to ldap

9) Confirm the availability of the account in LDAP

#nsquery passwd username

10) Update the ownership of the users with new uid ( if any change in uids )

11) Check the account using LDAP

Aneesh

john guardian · ‎04-19-2011

Matti,

Makes sense. I knew about LDAP-UX being a client.

As to the config file for LDAP-UX, is it ldap.conf or ldapclientd.conf? I've seen references to both in various links both here and in other 'NIX forums, but can't recall where. I have the LDAP-UX package/bundle but haven't been able to install yet due to our policies governing install-only at the end of the month.

Richard Hepworth · ‎04-19-2011

Hi John,

If you are unfamiliar with LDAP-UX I'd suggest using the guided setup utility that comes with it (/opt/ldapux/config/setup). All changes configured using setup are applied under /etc/opt/ldapux so you can just copy the files from under here to the rest of your systems after the initial setup.

The setup utility also gives you the option of creating an ldapux profile in the directory itself which is useful as all your future clients can refer to this central profile for most of their configuration.

regards,

Richard

PhilMil · ‎04-25-2011

With LDAP-UX 5.0 or later, there's autosetup, which simplifies installation and configuration even further. Setting up an HP-UX client with LDAP-based security
can be accomplished in a matter of moments. The information required for installation is kept to
an absolute minimum. For example, the only information required when installing and configuring
LDAP-UX into an existing directory server environment is the name of the directory server or the
name of the LDAP-UX domain being joined, and the credentials of a user who is permitted to either
create a new domain or join an existing one.
See the LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS at
http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?lang=en&cc=us&taskId=101&prodClassId=10008&contentType=SupportManual&docIndexId=64255&prodTypeId=18964&prodSeriesId=4164594

HP-UX Documentation
Although I am an HP employee, I am speaking for myself and not for HP.

UNIX Group LandOLakes · ‎05-24-2011

Re: Aneesh's post.....

I *REALLY* hope that most of his post is a typo. You should *NOT* be modifying the contents of /etc/passwd, but the contents of /tmp/passwd instead.

Re: General LDAP question concerning passwords.

General LDAP question concerning passwords.