Network/Procedures/Create a Makers Local LDAP server
Quick and dirty doc because I KNOW I will forget how to do this in between.
On the zimbra box:
sudo mkdir /migr && sudo chown -R zimbra:zimbra /migr && sudo chmod 775 /migr
sudo su - zimbra
/opt/zimbra/libexec/zmslapcat /migr/
scp -r /migr newldap:
On the new LDAP server:
sudo apt-get install -y slapd
sudo dpkg-reconfigure slapd  # if you didn't just configure it
sudo service slapd stop
sudo vim /etc/ldap/slapd.d/cn\=config/olcDatabase\=\{0\}config.ldif
# Add this line: olcRootPW: SomePlaintextPass
sudo service slapd start
sudo ldapadd -xD cn=admin,cn=config -W -f makerslocal.schema.ldif
Enter LDAP Password: (the plaintext one you provided above)
adding new entry "cn=makerslocal,cn=schema,cn=config"
By the way, here is the makerslocal.schema.ldif file.
dn: cn=makerslocal,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: makerslocal
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.80 NAME 'nfcID' DESC 'Serial number for NFC device or RFID tag' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.90 NAME 'usbSerial' DESC 'Serial number for USB Device' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.1.100 NAME 'Maker' DESC 'Member of Makers Local' SUP top AUXILIARY MAY ( usbSerial $ nfcID ) )
So now we import the actual members. First, copy ldap.bak to ldap.bak.mod and delete everything above this line: "dn: dc=makerslocal,dc=org"
Now, since the import is from zimbra we will run this command I hacked together way too fast. Really this entire procedure is a giant hack but whatever, no one is going to read this shit anyway.
grep -v 'mail:' ldap.bak.mod \
  | sed 's/zimbraPrefMailForwardingAddress/mail/' \
  | sed 's/objectClass\: zimbraAccount/objectClass\: inetOrgPerson/' \
  | grep -v zimbra \
  | grep -v '^ ' \
  | grep -v amavis \
  | sed 's/structuralObjectClass\: organizationalPerson/structuralObjectClass\: inetOrgPerson/' \
  > ldap.bak.strip
Now edit the ldap.bak.strip file (yes I am serious) and you will be deleting several bogus entries that are left over. root and postmaster must go, for instance. Then there is a "cn: conference.makerslocal.org" and that whole entry has to go, along with the other short-ass entries right next to it. The first non-bogus entry after you remove these will be our esteemed former sysadm, brimstone. After this, save and close that file and we are ready to do a dry run.
sudo service slapd stop
sudo slapadd -uvl ldap.bak.strip
This will likely alert you that there are more bogus entries. Use the line numbers to go find and remove them. The error when there is a bogus entry looks like this.
548bf5c3 str2entry: entry -1 has no dn
slapadd: could not parse entry (line=614)
So go edit the file and remove those.
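A pre-check for the dn-less records the dry run complains about, as an added example that is not part of the original page: it lists every blank-line-separated record in ldap.bak.strip whose first line is not a `dn:` line, with its line range in the file, so they can all be removed in one editing pass. The helper names `find_dnless` and `make_sample`, the `ou=people` DNs and the sample entries are assumptions made up for illustration.

```shell
# Added example (not from the original page); find_dnless is a hypothetical helper.
# Prints "START-END: first line" for each blank-line-separated LDIF record
# whose first line is not a dn: line (slapcat writes "dn:" in lowercase).
# Returns 1 if any such record was found, 0 if the file looks clean.
find_dnless() {
    awk '
        function flush() {
            if (start && first !~ /^dn::?/) {
                printf "%d-%d: %s\n", start, last, first
                bad = 1
            }
            start = 0
        }
        /^[ \t]*$/ { flush(); next }   # a blank line closes the current record
        /^#/       { next }            # LDIF comment line
        {
            if (!start) { start = NR; first = $0 }
            last = NR
        }
        END { flush(); exit bad }
    ' "$1"
}

# Constructed sample: a good entry, a record that lost its dn: line, a good entry.
make_sample() {
    cat > "$1" <<'EOF'
dn: uid=exampleuser,ou=people,dc=makerslocal,dc=org
objectClass: inetOrgPerson
uid: exampleuser
cn: Example User
sn: User

objectClass: organizationalRole
cn: conference.makerslocal.org

dn: uid=another,ou=people,dc=makerslocal,dc=org
objectClass: inetOrgPerson
uid: another
cn: Another
sn: Another
EOF
}
```

Run it as `find_dnless ldap.bak.strip`; a zero exit status means no dn-less records remain, and the `slapadd -u` dry run is still the final check.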
Perhaps someday you will get to the point where the dry run is completing without errors. At this juncture you can do the real import, then start slapd again.
sudo service slapd stop && sudo slapadd -vl ldap.bak.strip && sudo service slapd start
blah blah blah
-#################### 100.00% eta none elapsed spd 45.8 k/s
Closing DB...
Starting OpenLDAP: slapd.
I haven't really done anything else so far, including perms and such on the db, but we're getting there I guess.