Presentation is loading. Please wait.

Presentation is loading. Please wait.

Migrating to LDAP What is LDAP? Fedora Directory Server LdapImport

Published byAubrie Sutton Modified over 7 years ago

Similar presentations

Presentation on theme: "Migrating to LDAP What is LDAP? Fedora Directory Server LdapImport"— Presentation transcript:

1 Migrating to LDAP What is LDAP? Fedora Directory Server LdapImport
LDAP Tools

2 What is LDAP? Lightweight Directory Access Protocol
Common on-wire protocol – ASN.1 Common export format – LDIF Common replication format – LDUP Tree structure form of objects via “DNs”

3 DN “Distinguished Name” dc=babel,dc=com,dc=au
ou=People,dc=babel,dc=com,dc=au uid=del,ou=People,dc=babel,dc=com,dc=au

4 LDAP Protocols LDAP – Common Protocol on wire
LDIF -- Common object and schema management format Different implementations have varying degrees of compliance.

5 LDAP vs DBMS Directory has one schema, one “row” type (“object”). RDBMS has many tables. Directory is optimised for read, slow for writes. Directory has an adaptable and mutable schema format – good for storing information about “people”. Access protocol – LDAP vs SQL

6 Replication One or more LDAP servers can participate.
Single-master or multi-master implementations (OpenLDAP vs FDS). Common on-wire replication protocol – LDUP. Replication between different directory types can be problematic.

7 LDAP Schema Common format for specifying schemae – LDIF (implementations vary). Fixed vs in-directory schema. IANA assignments.

8 Schema Replication Schema replication may or may not be supported.
FDS only replicates 99user.ldif schema changes if entered via LDAP. OpenLDAP – no schema replication.

9 LDAP Applications Authentication – PAM, Samba.
Name Space Services – NSS, Samba.

10 PAM PAM – Pluggable Authentication Modules
PAM handles authentication only. PAM Authentication == LDAP “bind”.

11 NSS NSS – Name Service Switch
NSS handles “name” services, including user names, home directories, etc. LDAP supports NSS and PAM via modules. Ensure module load order is correct and valid. Like “network-aware” passwd & group files.

12 LDAP and NSS Human accounts under ou=People,...
Groups under ou=Groups,... authconfig /etc/nsswitch.conf /etc/ldap.conf

13 FDS http://directory.fedoraproject.org/ 4 Way multi-master replication
Scalable Extensive Documentation In-directory management (schema etc) – no restart needed to change schema or ACIs

14 Components LDAP – Fedora Directory Server LdapImport

15 Installing FDS Post-installation setup: /opt/fedora-ds/setup/setup
Installation Instructions: server/install/7.1/ Performance Tuning Notes: Installation Scripts: erver Post-installation setup: /opt/fedora-ds/setup/setup Verification: ldapsearch -x -s base -b “” “objectclass=*”

16 Indexes The server doesn't come with an index on uidNumber by default, should create one. Open the console, select the directory server, click Open Configuration tab. Open the Data->(your base DN)->Database part of the tree. Go to the Indexes tab. Under Additional indexes click on Add attribute.... Add the indexes you need. A good place to start includes uidNumber and gidNumber . Click Save. This can take a bit of time, and the database will be locked (in read-only mode) while you do this.

17 Search Result Limit Default setting is to return 2000 entries in a query only. This needs to be increased in a few places in the directory manager part of the console. Open the console, select the directory server, click Open Configuration tab, select the server object itself. Performance tab, change the limit from 2000 to more. Click Save. Open the Data -> Database Link Settings part of the tree. Go to the Default Creation Parameters tab. Change the size limit from 2000 to more. Click Save. Open the Data -> Database Settings part of the tree. Go to the LDBM Plug-in Settings tab, change the Look-through limit from 5000 entries to more. Click Save.

18 Connect to LDAP FC4 and earlier: authconfig FC5+: authconfig-tui

19 LdapImport Originally designed as a tool to assist migration from OpenLDAP to FedoraDirectoryServer but has been developed into a general purpose LDAP migration tool. LdapImport.pl imports data into a destination LDAP server, from one of two sources. The data can come from either: Another (source) LDAP server, or /etc/passwd, /etc/shadow and /etc/group files.

20 Schema Mapping Some attempt at schema checking and/or mapping is done.
Also, LdapImport will over-write existing entries in the destination LDAP server if required.

21 GUI Mode There is none Anyone familiar with Perl GTK/Qt toolkits?
Glade?

22 Perl requirements A reasonably recent version of Perl ( This should include at least the Carp and Data::Dumper modules perl-LDAP (Net::LDAP CPAN module), available from or as an RPM shipped with FedoraCore 3 or 4. You may need to install this using yum -y install perl-LDAP. perl-Time-HiRes (Time::HiRes CPAN module), also shipped with Fedora Core 3 or later. You may need to install this using yum -y install perl-Time-HiRes. perl-Log-Log4perl (Log::Log4perl CPAN module) – shipped with Fedora Core 3 or later. You may need to install this using yum -y install perl-Log-Log4perl.

23 LdapImport in action Logging Log file name [LdapImport.log] ?

24 Destination Server Destination LDAP Server Name [localhost] ?
I am guessing that this is a FEDORA server. Root DN to bind to localhost [cn=Directory Manager] ? Password for cn=Directory Manager [] ? ENTERyourPASSWORDhere OU to contain users in localhost [ou=People, dc=babel,dc=office] ? OU to contain groups in localhost [ou=Groups, dc=babel,dc=office] ? domain [babel.office] ?

25 Source Source type -- Files/Winbind/Server [f/w/s] [s] ? f
Should I migrate user accounts (y/n) [y] ? /etc/passwd file location [/etc/passwd] ? /etc/shadow file location [/etc/shadow] ? Should I migrate groups (y/n) [y] ? /etc/group file location [/etc/group] ?

26 Other LDAP Tools Fedora Console LAM GQ

27 Fedora Console Web Based or Java Based
Each has different functionality Web based acts as a “gateway” service Can be customised See Gateway Customisation Manual

28 LAM LDAP Account Manager Web Based
Useful for managing Samba and LDAP account information High-Level Schema views

29 GQ Useful for LDAP browsing & debugging Low Level Tree Browser
Schema Browser Not currently maintained

Download ppt "Migrating to LDAP What is LDAP? Fedora Directory Server LdapImport"

Similar presentations

Unauthorized Reproduction Prohibited SkyPoint Alarm Integration Add-On Using OnGuard Alarms to create events in SkyPoint Also called ‘SkyPoint V0’ CR4400.

Unauthorized Reproduction Prohibited SkyPoint Alarm Integration Add-On Using OnGuard Alarms to create events in SkyPoint Also called ‘SkyPoint V0’ CR4400.
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
Samba Integrating SMB file systems with UNIX. Samba Provides a file server compatible with Windows 9x and NT.. SMB Can function in NETBIOS name browsing.

Samba Integrating SMB file systems with UNIX. Samba Provides a file server compatible with Windows 9x and NT.. SMB Can function in NETBIOS name browsing.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
1 Chapter 1 Introduction to Windows Server 2003. 2 Two main goals for Net Admin Make network resources available to users Files, folders, printers, etc.

1 Chapter 1 Introduction to Windows Server Two main goals for Net Admin Make network resources available to users Files, folders, printers, etc.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
SETUP AND CONFIGURATIONS WEBLOGIC SERVER. 1.Weblogic Installation 2.Creating domain through configuration wizard 3.Creating domain using existing template.

SETUP AND CONFIGURATIONS WEBLOGIC SERVER. 1.Weblogic Installation 2.Creating domain through configuration wizard 3.Creating domain using existing template.
CIT 470: Advanced Network and System Administration

CIT 470: Advanced Network and System Administration
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.
© 2005 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Advanced Samba Administration Part.

© 2005 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Advanced Samba Administration Part.
Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.

Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.
03/07/08 © 2008 DSR and LDAP Authentication Avocent Technical Support.

03/07/08 © 2008 DSR and LDAP Authentication Avocent Technical Support.
1 SAMBA. 2 Module - SAMBA ♦ Overview The presence of diverse machines in the network environment is natural. So their interoperability is critical. This.

1 SAMBA. 2 Module - SAMBA ♦ Overview The presence of diverse machines in the network environment is natural. So their interoperability is critical. This.
Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.

Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.
GRID Centralized management of the Globus grid-mapfile Carlo Rocca INFN, Catania.

GRID Centralized management of the Globus grid-mapfile Carlo Rocca INFN, Catania.
SPARCS 10 이대근 (harry). Contents  Directory Service  What is LDAP?  Installation  Configuration  ldap-utils  User authentication with LDAP.

SPARCS 10 이대근 (harry). Contents  Directory Service  What is LDAP?  Installation  Configuration  ldap-utils  User authentication with LDAP.
WaveMaker Visual AJAX Studio 4.0 Training Authentication.

WaveMaker Visual AJAX Studio 4.0 Training Authentication.
Extending Active Directory Authentication and Account Management To Solaris 10 Systems A HOWTO guide for joining a Solaris 10 (8/07) host to a domain in.

Extending Active Directory Authentication and Account Management To Solaris 10 Systems A HOWTO guide for joining a Solaris 10 (8/07) host to a domain in.
SAMBA Integrating Linux and Window. What is Samba? Free suite of programs that enables flavors of UNIX to work with other operating systems such as OS/2.

SAMBA Integrating Linux and Window. What is Samba? Free suite of programs that enables flavors of UNIX to work with other operating systems such as OS/2.

Similar presentations

Ads by Google