Installing and Administering LDAP-UX Client Services with Microsoft Windows 2000 Active Directory > Chapter 5 Command and Tool Reference

Name Service Migration Scripts


This section describes the shell and perl scripts that migrate your name service data, either from source files or from NIS maps, to your Active Directory. These scripts are in /opt/ldapux/migrate/ads. The two shell scripts migrate_all_online_ads.sh and migrate_all_nis_online_ads.sh migrate all your source files or NIS maps, while the perl scripts migrate_passwd_ads.pl, migrate_hosts_ads.pl, migrate_networks_ads.pl, migrate_protocols_ads.pl, migrate_rpc_ads.pl, migrate_services_ads.pl, migrate_group_ads.pl, and so on migrate individual maps. The shell scripts call the perl scripts.

The migration scripts require perl, version 5 or later, which is installed with the NIS/LDAP Gateway in /opt/ldapux/contrib/bin/perl.

Naming Context (applies only to SFU 2.0)

The naming context specifies where in your directory, under the base DN, your name service data will be. For example, if your base DN is "ou=unix, dc=cup, dc=hp, dc=com", the passwd map would be at "cn=people, ou=unix, dc=cup, dc=hp, dc=com". Table 5-2 shows the default naming context for the supported services. The default will work in most cases.

Table 5-2 Default Naming Context

    Map Name     Location in the Directory Tree
    passwd       cn=Users
    group        cn=Users
    hosts        cn=Hosts
    networks     cn=Networks
    protocols    cn=Protocols
    rpc          cn=Rcp
    services     cn=Services

If you change the default naming context, modify the file migrate_common.ph and change it to reflect your naming context.

NOTE: Since users and groups are migrated to the same container, they must have unique names (common name) for the migration to succeed.

After the passwd and group data migration, the POSIX user accounts are disabled and have no password, because UNIX user and group passwords cannot be migrated to Active Directory for Kerberos authentication. To allow users to log on to a UNIX system, the Active Directory administrator must therefore first enable each user account and set its initial password.

CAUTION: The password migration tool migrates all user accounts from the specified source files or NIS server. For security reasons, the root user and any objects with uid=0 should either be removed from the resulting LDIF file before migrating to Active Directory, or be removed from Active Directory afterwards.

NOTE: msSFUPassword is not used by LDAP-UX Client Services, because it uses Kerberos as its authentication method. If you want to set msSFUPassword for your own purposes, you can set it with ADSI Edit on your domain controllers. LDAP-UX assumes all POSIX passwords are either in cleartext or encrypted with UNIX crypt and stored with the prefix {crypt}.

Migrating All Your Files

The two shell scripts migrate_all_online_ads.sh and migrate_all_nis_online_ads.sh migrate all your name service data, either to LDIF or directly into your directory. The migrate_all_online_ads.sh script gets its information from the source files, such as /etc/passwd and /etc/group. The migrate_all_nis_online_ads.sh script gets its information from your NIS maps using the ypcat(1) command. The scripts take no parameters but prompt you for the information they need, including whether to leave the output as LDIF or to add the entries to your directory. These scripts call the perl scripts described under “Migrating Individual Files”. You will need to modify these scripts to ensure that any calls to perl scripts not listed in Table 5-3 are commented out.

Migrating Individual Files

The following perl scripts each migrate one of your source files in /etc to LDIF. These scripts are called by the shell scripts described under “Migrating All Your Files”. Each perl script reads its input source file and writes LDIF.

Environment Variables

When using the perl scripts to migrate individual files, you must set the following mandatory environment variables:

LDAP_BASEDN

The base distinguished name where you want your data. For example, the following command sets the base DN to DC=cup, DC=hp, DC=com:

export LDAP_BASEDN="DC=cup, DC=hp, DC=com"

SYNC_NISDOMAIN

The Windows 2000 domain where the NIS objects reside.

General Syntax for Perl Migration Scripts

All the perl migration scripts use the following general syntax:

scriptname inputfile [outputfile]

where

scriptname

is the name of the particular script you are using. The scripts are listed below.

inputfile

is the name of the appropriate name service source file corresponding to the script you are using.

outputfile

is optional and is the name of the file where the LDIF is written. stdout is the default output.

Migration Scripts

The migration scripts are described in Table 5-3 below.

Table 5-3 Migration Scripts

    Script Name                  Description
    migrate_base.pl              creates base DN information.
    migrate_group_ads.pl         migrates groups in /etc/group.
    migrate_hosts_ads.pl [1]     migrates hosts in /etc/hosts.
    migrate_networks_ads.pl      migrates networks in /etc/networks.
    migrate_passwd_ads.pl [2]    migrates users in /etc/passwd.
    migrate_protocols_ads.pl     migrates protocols in /etc/protocols.
    migrate_rpc_ads.pl           migrates RPCs in /etc/rpc.
    migrate_services_ads.pl [3]  migrates services in /etc/services.
    migrate_common.ph            is a set of routines and configuration information that all the perl scripts use.

[1] If several systems have been configured with the same hostname, the migration script migrate_hosts_ads.pl will create multiple entries in its resulting LDIF file with the same distinguished name, one for each of the IP addresses. Since distinguished names must be unique in an LDAP directory, you need to first manually merge the IP addresses into one designated host record and delete the duplicate records from the LDIF file. A resulting merge might look as follows:

. . . .
dn: cn=machineA, ou=hosts, ou=unix, dc=cup, dc=hp, dc=com
objectClass: top
objectClass: computer
ipHostNumber: 15.13.130.72
ipHostNumber: 15.13.104.4
ipHostNumber: 15.13.95.92
cn: machineA
msSFUName: machineA
. . . .

[2] Special characters (for example, Tab and other control characters) are not allowed in the gecos field of passwd entries.

[3] When migrating services data into the LDAP directory, keep in mind that one service name can be associated with multiple protocols, but not with multiple service ports.

Examples

The following are some examples using the migration scripts.

The following command converts all NIS files in /etc to LDIF:

$ migrate_all_online.sh

The following commands convert /etc/passwd into LDIF and output it to stdout:

$ export LDAP_BASEDN="DC=cup,DC=hp,DC=com"
$ migrate_passwd_ads.pl /etc/passwd

dn: cn=Joe Bloggs,cn=Users,dc=cup, dc=hp, dc=com
objectClass: user
msSFUName: jbloggs
cn: Joe Bloggs
syncNisDomain: cup
loginShell: /usr/bin/sh
uidNumber: 101
gidNumber: 20
msSFUHomeDirectory: /home/jbloggs
gecos: Joe Bloggs,Cupertino,888-9999,
sAMAccountName: jbloggs

The following commands convert /etc/group into LDIF and place the result in /tmp/group.ldif:

$ export LDAP_BASEDN="DC=cup,DC=hp,DC=com"
$ migrate_group.pl /etc/group /tmp/group.ldif
$ cat /tmp/group.ldif

dn: cn=users,dc=cup,dc=hp,dc=com
objectclass: group
cn: users
gidNumber: 20
memberUid: root
syncNisDomain: cup
sAMAccountName: users
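The following is an added example, not part of the HP documentation or the LDAP-UX scripts. It reproduces the passwd-to-LDIF conversion in the attribute layout shown above, and applies the page's own pre-load checks: uid=0 objects are dropped (the CAUTION), gecos fields with control characters are rejected (footnote [2]), and duplicate common names are refused because users and groups share one container (the NOTE). The sample passwd text and the rule that cn is taken from the first gecos field are assumptions made for the example; the real migrate_passwd_ads.pl may derive cn differently.

```python
import re

# Constructed sample input, not a real system's /etc/passwd.
SAMPLE_PASSWD = """root:x:0:0:root:/:/sbin/sh
jbloggs:x:101:20:Joe Bloggs,Cupertino,888-9999,:/home/jbloggs:/usr/bin/sh
asmith:x:102:20:Anne Smith:/home/asmith:/usr/bin/sh
joeb:x:103:20:Joe Bloggs:/home/joeb:/usr/bin/sh
bad:x:104:20:Tab\tHere:/home/bad:/usr/bin/sh
"""

CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

def passwd_to_ldif(text, base_dn, nis_domain, container="cn=Users"):
    """Return (ldif_entries, problems); problems lists (line number, reason)
    for every passwd line that was deliberately not converted."""
    entries, problems, seen_cn = [], [], set()
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            problems.append((lineno, "malformed line"))
            continue
        name, _pw, uid, gid, gecos, home, shell = fields
        # CAUTION on the page: uid=0 objects must not reach Active Directory.
        if uid == "0":
            problems.append((lineno, "uid=0 account skipped"))
            continue
        # Footnote [2]: control characters are not allowed in gecos.
        if CONTROL_CHARS.search(gecos):
            problems.append((lineno, "control character in gecos"))
            continue
        cn = gecos.split(",")[0] or name  # assumption: cn = first gecos field
        # NOTE on the page: users and groups share cn=Users, so cn must be unique.
        if cn.lower() in seen_cn:
            problems.append((lineno, f"duplicate cn '{cn}'"))
            continue
        seen_cn.add(cn.lower())
        # The UNIX password hash is deliberately not emitted: the account is
        # created disabled and the AD administrator sets the initial password.
        attrs = [("objectClass", "user"), ("msSFUName", name), ("cn", cn),
                 ("syncNisDomain", nis_domain), ("loginShell", shell),
                 ("uidNumber", uid), ("gidNumber", gid),
                 ("msSFUHomeDirectory", home), ("gecos", gecos),
                 ("sAMAccountName", name)]
        entries.append(f"dn: cn={cn},{container},{base_dn}\n"
                       + "\n".join(f"{k}: {v}" for k, v in attrs))
    return entries, problems
```

Review the returned problems list before loading the LDIF; each skipped line is one that the page says must be fixed or removed by hand.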
© 2002 Hewlett-Packard Development Company, L.P.