Network/Procedures/Create a Makers Local LDAP server

From Makers Local 256

Quick and dirty doc because I KNOW I will forget how to do this in between.

On the zimbra box:

sudo mkdir /migr && sudo chown zimbra:zimbra /migr && sudo chmod 775 /migr
sudo su - zimbra
/opt/zimbra/libexec/zmslapcat /migr/   # writes /migr/ldap.bak (add -c for the config database, which we don't need here)
scp -r /migr newldap:

On the new LDAP server:

sudo apt-get install -y slapd
sudo dpkg-reconfigure slapd #if you didn't just configure it; answer makerslocal.org for the DNS domain so the suffix comes out as dc=makerslocal,dc=org, otherwise slapadd will refuse the imported entries later
sudo service slapd stop
sudo vim /etc/ldap/slapd.d/cn\=config/olcDatabase\=\{0\}config.ldif
#Add this line: olcRootPW: SomePlaintextPass
sudo service slapd start
sudo ldapadd -xD cn=admin,cn=config -W -f makerslocal.schema.ldif
Enter LDAP Password: (the plaintext one you provided above)
adding new entry "cn=makerslocal,cn=schema,cn=config"

Two notes on the olcRootPW step. slapd.d is generated data, and hand-editing it only works while slapd is stopped; the file is mode 0600 and owned by openldap, so leave it that way. And don't store the password in the clear: run slappasswd (it prompts, or takes -s) and paste the {SSHA} hash it prints as the olcRootPW value. On Debian/Ubuntu you can skip the olcRootPW edit entirely, because the packaged config already grants the local root user manage rights on cn=config over the ldapi socket, so this works as is:

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f makerslocal.schema.ldif

By the way, here is the makerslocal.schema.ldif file. Every attribute type and object class has to carry an OID (the olcObjectIdentifier macros keep them readable), and SYNTAX takes the OID of the syntax, Directory String here. The 1.1 arc is only a placeholder (it is what the OpenLDAP Admin Guide uses in its schema examples); swap in an arc you actually control, such as an IANA private enterprise number, before anything else depends on these OIDs.

dn: cn=makerslocal,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: makerslocal
olcObjectIdentifier: makersLocalRoot 1.1.1
olcObjectIdentifier: makersLocalAttr makersLocalRoot:1
olcObjectIdentifier: makersLocalOC makersLocalRoot:2
olcAttributeTypes: ( makersLocalAttr:1 NAME 'nfcID' DESC 'Serial number for NFC device or RFID tag' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
olcAttributeTypes: ( makersLocalAttr:2 NAME 'usbSerial' DESC 'Serial number for USB Device' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
olcObjectClasses: ( makersLocalOC:1 NAME 'Maker' DESC 'Member of Makers Local' SUP top AUXILIARY MAY ( usbSerial $ nfcID ) )

So now we import the actual members. First, copy ldap.bak to ldap.bak.mod and delete everything above the line "dn: dc=makerslocal,dc=org" (Zimbra's own tree, none of which belongs on the new server).

Now, since the import is from zimbra we will run this command I hacked together way too fast. Really this entire procedure is a giant hack but whatever, no one is going to read this shit anyway.

grep -v 'mail:' ldap.bak.mod |                         # drop the Zimbra mailbox address ...
  sed 's/zimbraPrefMailForwardingAddress/mail/' |      # ... and make the forwarding address the mail attribute
  sed 's/objectClass: zimbraAccount/objectClass: inetOrgPerson/' |
  grep -v zimbra |                                     # everything else Zimbra-specific goes
  grep -v '^ ' |                                       # LDIF continuation lines, see the caveat below
  grep -v amavis |
  sed 's/structuralObjectClass: organizationalPerson/structuralObjectClass: inetOrgPerson/' > ldap.bak.strip

Caveat on the grep -v '^ ' stage: LDIF folds any value longer than 76 characters (base64-encoded values in particular) onto following lines that start with a single space, and this pipeline throws those continuation lines away, so a long mail address or description comes out truncated. Either unfold those lines first (join each line that starts with a space onto the line before it) or check the stripped file for values that look cut off.

Now edit the ldap.bak.strip file (yes I am serious) and delete the bogus entries that are left over. root and postmaster must go, for instance. Then there is an entry consisting of a bare "cn:" line, and that whole entry has to go, along with the other very short entries right next to it. The first non-bogus entry after you remove these will be our esteemed former sysadmin, brimstone. After this, save and close the file and we are ready to do a dry run.

sudo service slapd stop
sudo slapadd -uvl ldap.bak.strip   # -u: dry run (parse and check only), -v: verbose, -l: input file

This will likely alert you that there are more bogus entries. Use the line numbers to go find and remove them. The error for a bogus entry looks like this:

548bf5c3 str2entry: entry -1 has no dn
slapadd: could not parse entry (line=614)

The line number is where slapadd stopped reading, so the broken entry is the one ending just before it, typically a leftover fragment with no dn line. Go edit the file, remove those, and rerun the dry run until it is clean.
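An entry-aware version of the strip step, added here as an example (it is not the page's one-liner or anything Makers Local ships): instead of filtering line by line it unfolds LDIF continuation lines, drops whole entries that have no dn or sit outside dc=makerslocal,dc=org, drops the junk uids named above, and drops entries left with no objectClass once the Zimbra and amavis classes are gone, so the fragments that make slapadd say "has no dn" never reach the file. It assumes the suffix and the root/postmaster list from this page, that DNs in the dump are lowercase as written here, that slapadd regenerates creatorsName and modifiersName when they are absent, and the dump it carries is a constructed stand-in, not a real zmslapcat export.

```shell
#!/bin/sh
# Entry-aware version of the strip step. Added example for this page, not the
# one-liner above. Assumptions: suffix dc=makerslocal,dc=org and the junk uids
# (root, postmaster) are as the page describes; entries left with no objectClass
# after stripping (Zimbra distribution lists etc.) are dropped rather than
# hand-edited; slapadd regenerates creatorsName/modifiersName on its own.
set -eu

SUFFIX='dc=makerslocal,dc=org'
DROP_UIDS='root|postmaster'

# strip_zimbra_ldif < ldap.bak > ldap.bak.strip
strip_zimbra_ldif() {
    awk -v suffix="$SUFFIX" -v drop_uids="$DROP_UIDS" '
    BEGIN { RS = ""; FS = "\n"; first = 1 }   # paragraph mode: one record per entry
    {
        # 1. Unfold: a line starting with one space continues the previous
        #    attribute value (the one-liner deleted these with grep -v "^ ").
        n = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^ /) line[n] = line[n] substr($i, 2)
            else line[++n] = $i
        }
        # 2. Keep or drop the whole entry by its dn.
        dn = ""
        for (i = 1; i <= n; i++) if (line[i] ~ /^dn: /) dn = substr(line[i], 5)
        if (dn == "") next                                               # no dn: fragment
        if (substr(dn, length(dn) - length(suffix) + 1) != suffix) next  # cn=zimbra tree etc.
        if (dn ~ ("^uid=(" drop_uids "),")) next                         # junk accounts
        # 3. Rewrite or drop attributes, same mapping as the one-liner.
        m = 0; has_oc = 0
        for (i = 1; i <= n; i++) {
            l = line[i]
            if (l ~ /^mail::? /) continue                                # Zimbra mailbox address
            sub(/^zimbraPrefMailForwardingAddress:/, "mail:", l)         # forwarding address -> mail
            sub(/^objectClass: zimbraAccount$/, "objectClass: inetOrgPerson", l)
            sub(/^structuralObjectClass: organizationalPerson$/, "structuralObjectClass: inetOrgPerson", l)
            if (l ~ /^(zimbra|amavis)/) continue                         # zimbraId, amavis*, ...
            if (l ~ /^objectClass: (zimbra|amavis)/) continue            # leftover Zimbra/amavis classes
            if (l ~ /^(creatorsName|modifiersName): /) continue          # slapadd fills these in
            if (l ~ /^objectClass: /) has_oc = 1
            out[++m] = l
        }
        if (!has_oc) next                                                # nothing left to be an object
        if (!first) print ""
        first = 0
        for (i = 1; i <= m; i++) print out[i]
    }'
}

# Constructed stand-in for a zmslapcat dump (not real member data); the folded
# forwarding address exercises the unfold step.
sample_zimbra_dump() {
    cat <<'EOF'
dn: cn=zimbra
objectClass: organizationalRole
cn: zimbra

dn: dc=makerslocal,dc=org
objectClass: dcObject
objectClass: organization
objectClass: zimbraDomain
dc: makerslocal
structuralObjectClass: organization

dn: uid=postmaster,ou=people,dc=makerslocal,dc=org
objectClass: organizationalPerson
objectClass: zimbraAccount
uid: postmaster
cn: postmaster
sn: postmaster
mail: postmaster@makerslocal.org
structuralObjectClass: organizationalPerson

dn: uid=brimstone,ou=people,dc=makerslocal,dc=org
objectClass: organizationalPerson
objectClass: zimbraAccount
objectClass: amavisAccount
uid: brimstone
cn: brimstone
sn: brimstone
mail: brimstone@makerslocal.org
zimbraPrefMailForwardingAddress: brimstone@example.o
 rg
creatorsName: uid=zimbra,cn=admins,cn=zimbra
structuralObjectClass: organizationalPerson

dn: cn=members,ou=people,dc=makerslocal,dc=org
objectClass: zimbraDistributionList
cn: members
EOF
}

# sh strip_zimbra.sh ldap.bak > ldap.bak.strip ; with no argument it runs on the sample.
if [ "$#" -gt 0 ]; then strip_zimbra_ldif < "$1"; else sample_zimbra_dump | strip_zimbra_ldif; fi
```

Run it with no argument to see what the constructed dump turns into: the cn=zimbra entry, postmaster and the distribution list disappear whole, brimstone keeps one mail attribute (the unfolded forwarding address), and nothing Zimbra- or amavis-flavoured survives, which is the state the hand-editing step above was trying to reach.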

Perhaps someday you will get to the point where the dry run is completing without errors. At this juncture you can do the real import, then start slapd again. One thing to check afterwards: slapd runs as the openldap user and keeps its database under /var/lib/ldap, so any database file slapadd has to create while running as root ends up owned by root (the initial install normally creates them before you get here, which is why this worked). Either fix the ownership or run slapadd as openldap with sudo -u openldap.

sudo service slapd stop && sudo slapadd -vl ldap.bak.strip && sudo service slapd start
blah blah blah
-#################### 100.00% eta   none elapsed                 spd  45.8 k/s
Closing DB...
Starting OpenLDAP: slapd.

I haven't really done anything else so far, including perms and such on the db, but we're getting there I guess.