CentOS 8.x Migrate OpenLDAP ldif to 389-DS

From Notes_Wiki
Revision as of 17:26, 15 May 2022 by Saurabh

These are the simpler steps, which assume the default schema is in use in OpenLDAP. If a custom schema was used, it may need to be migrated before the entries can be migrated.

An OpenLDAP database can be migrated to 389-DS using the following steps:

  1. First, log in to OpenLDAP using the rootdn credentials and export an LDIF file. Example:
    ldapsearch -x -LLL -D 'cn=root,dc=sbarjatiya,dc=com' -W > openldap1.ldif
    Using the root DN is recommended so that userPassword values are also exported and become part of the LDIF. The exported file therefore contains password hashes, so keep read access to it restricted.
  2. Then download the script 'openLDAP2Fedora.pl', which converts passwords from OpenLDAP to 389-DS format, from https://directory.fedoraproject.org/docs/389ds/scripts.html
  3. Run the script to convert the OpenLDAP backup to 389-DS format. For example:
    chmod +x openLDAP2Fedora.pl
    ./openLDAP2Fedora.pl openldap1.ldif 389ds1.ldif
  4. Copy (rsync or scp) the output file (e.g. 389ds1.ldif in the above example) to the new 389-DS server, set up using the same suffix (e.g. dc=sbarjatiya,dc=com).
  5. You should be able to add the ldif to 389-DS using:
    ldapadd -x -D 'cn=Directory Manager' -W -f 389ds1.ldif
    Note: if during installation you chose to create the top suffix entry ('Create just the top suffix entry [no]: yes'), then during import you might see:
    adding new entry "dc=sbarjatiya,dc=com"
    ldap_add: Already exists (68)
    This is because the top suffix entry for 'dc=sbarjatiya,dc=com' was created during 389-DS setup. You can comment out this entry in 389ds1.ldif and import the remaining entries.
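
As an alternative to commenting out the suffix entry by hand, the following added example (not part of the original wiki page) removes it from the converted LDIF and lists which entries carry userPassword, confirming that the rootdn export included the hashes. The function names and the sample LDIF are constructed for illustration; the output is written with folded lines joined, which ldapadd accepts.

```python
import base64
import re
# Constructed sample shaped like the converted export (not real data).
SAMPLE_LDIF = """\
dn: dc=sbarjatiya,dc=com
objectClass: domain
dc: sbarjatiya

dn: ou=People,dc=sbarjatiya,dc=com
objectClass: organizationalUnit
ou: People

dn: uid=user1,ou=People,dc=sbarjatiya,
 dc=com
objectClass: account
uid: user1
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=
"""

def entries(ldif_text):
    """Split LDIF into entries after unfolding continuation lines."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    return [e.strip() for e in re.split(r"\n\s*\n", unfolded) if e.strip()]

def entry_dn(entry):
    """Return the entry's DN (decoding the base64 'dn::' form), or None."""
    m = re.search(r"^dn(::?) *(.*)$", entry, re.IGNORECASE | re.MULTILINE)
    if m and m.group(1) == "::":
        return base64.b64decode(m.group(2)).decode("utf-8")
    return m.group(2).strip() if m else None

def norm(dn):
    """Loose DN comparison key: lower case, no spaces around ',' and '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip()).lower()

def drop_suffix_entry(ldif_text, suffix):
    """Return (LDIF without the suffix entry, number of entries removed)."""
    all_entries = entries(ldif_text)
    kept = [e for e in all_entries if norm(entry_dn(e) or "") != norm(suffix)]
    return "\n\n".join(kept) + "\n", len(all_entries) - len(kept)

def dns_with_password(ldif_text):
    """DNs of entries that carry userPassword (checks the rootdn export)."""
    return [entry_dn(e) for e in entries(ldif_text)
            if re.search(r"^userPassword::?", e, re.IGNORECASE | re.MULTILINE)]

if __name__ == "__main__":
    cleaned, removed = drop_suffix_entry(SAMPLE_LDIF, "dc=sbarjatiya,dc=com")
    print(f"# removed {removed}; userPassword on {dns_with_password(cleaned)}\n{cleaned}", end="")
```

To use it on the real file, read 389ds1.ldif into a string, pass it to drop_suffix_entry with your suffix, and write the returned text to a new file for ldapadd.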

