On Thursday, 25 March 2010 14:12:40 Götz Reinicke - IT-Koordinator wrote:
> Hi,
>
> a couple of weeks ago I started to learn ldap and set up some test
> servers with the latest openldap for centos 5.4. I learned about
> schemas, ldif, ldap browsers etc. So I have an advanced basic knowledge
> about the technical fundamentals.
>
> The primary goal is to have the login information for our mail and
> fileserver system in one place.
>
> Right now we do use sendmail, dovecot and samba.
>
> After testing some of the migration tools for migrating posix and
> sambaSam accounts, I was asking myself: what is the best way to start
> the migration? Right now the directory is completely empty, so I can
> start from scratch.
>
> Both types of accounts do have different attributes and furthermore I'd
> like to use some inetOrgPerson/organizationalPerson attributes.

The only thing to worry about here is which structural objectclass to use; it is usually a choice between 'account' and 'inetOrgPerson'. There is no issue with posixAccount or sambaSamAccount; they are both auxiliary.

For the rfc2307 vs rfc2307bis group issue, I don't think samba supports rfc2307bis, so you should go with rfc2307 (using memberUid for denoting members of groups, holding the username, not the DN).

> So should I first run the smbldaptool or first fill the directory with
> the migrate_....sh script?

You may have to do some preparation of the directory. For example, if you are going to use smbldap-tools in your final system, you could use smbldap-populate for the initial setup (ensure you set the SIDs correctly in the configuration file).

Once you have samba and smbldap-tools configured correctly, you can migrate your samba accounts to LDAP using pdbedit, which should use the 'add user script' and 'add machine script' commands and/or the direct LDAP write support in samba to do the migration of the accounts for you.

If you have a test system available, I would definitely test first, especially if you are running samba as a DC.

Regards,
Buchan
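
The object class and group-membership rules from the reply above can be checked on migration output before it is loaded into the empty directory. The following is an added example, not part of the original thread or of any of the tools it names; the function names `parse_ldif` and `lint_ldif`, the `dc=example,dc=com` entries and the rule that exactly one of account/inetOrgPerson must be present are assumptions made for illustration.

```python
STRUCTURAL = {"account", "inetorgperson"}        # the two choices named in the reply
AUXILIARY = {"posixaccount", "sambasamaccount"}  # both auxiliary, so they can be combined

# Constructed sample data, trimmed to the attributes the lint reads.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount

dn: uid=asmith,ou=People,dc=example,dc=com
objectClass: account
objectClass: inetOrgPerson
objectClass: posixAccount

dn: cn=staff,ou=Groups,dc=example,dc=com
objectClass: posixGroup
memberUid: jdoe
memberUid: uid=asmith,ou=People,dc=example,dc=com
"""

def parse_ldif(text):
    """Parse plain LDIF (no folded lines, no base64 values) into attr -> values dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def lint_ldif(text):
    """Return {dn: [problems]} for entries that break the layout described in the reply."""
    report = {}
    for entry in parse_ldif(text):
        classes = {c.lower() for c in entry.get("objectclass", [])}
        problems = []
        # account and inetOrgPerson are unrelated structural classes: pick one per entry.
        if classes & AUXILIARY and len(classes & STRUCTURAL) != 1:
            problems.append("need exactly one of account/inetOrgPerson as structural class")
        # rfc2307 groups list usernames in memberUid, never DNs.
        if "posixgroup" in classes:
            problems += [f"memberUid holds a DN, not a username: {m}"
                         for m in entry.get("memberuid", []) if "=" in m]
        if problems:
            report[entry["dn"][0]] = problems
    return report
```

Calling `lint_ldif(SAMPLE_LDIF)` reports the second user entry and the group, and leaves the first user entry unflagged.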
