Re: new ldap installation -LDAP newbie question

[Rex Roof <rex@wccnet.edu>]

if you've built openldap with --enable-crypt  you may be able to load  
the passwords with the {CRYPT} password type.  I've only had limited  
luck with this.

when our campus rolled out LDAP we forced our 2000 employees and  
10,000 students to all change their passwords, also enforcing new  
password strength restrictions.

-Rex


On Mar 11, 2009, at 5:36 PM, Swenson, Chris wrote:

> This is a bit difficult to articulate.
> Is there a way to move only the passwords from a passwd file  into  
> ldap?
>
> I have built out an ldap server and a client box and can successful  
> authenticate from one to the other.
>
> I am using this to replace an old RHEL that has depended on the  
> passwd file with nearly 10,000 users.
>
> To add the users to the new server I have parsed and imported a good  
> deal of the data in the passwd file into on Oracle Db that has all  
> the HR stuff
> and then scripted an output ldif to add the users into the new ldap  
> server.  Good so far, this works.
>
> My concern is thus.  Ldap is on a new box.  There is a lot of junk  
> in the old box I want to leave behind, hence the rewrite via oracle.
>
> I want to extract only the passwords from the passwd file and write  
> them to the new ldap server.
>
> If I run migrate_passwd.pl and pull the passwords out, they are  
> hashed in some way and I cannot write them to the ldap nor script  
> setting the password from the old one.
> Even if I run the passwd file through pwunconv they seem to be  
> unusable.
>
> I dread the thought of having to communicate with 9000 students and  
> nearly 1000 faculty and staff with new passwords.
>
> Regards
> Chris S.