Difference between revisions of "Network/Procedures/Create a Makers Local LDAP server"
Latest revision as of 03:18, 13 December 2014
Quick and dirty doc because I KNOW I will forget how to do this in between.
On the zimbra box:
<syntaxhighlight lang="bash">
# mkdir runs as root, so the chown/chmod need sudo too or they fail on the root-owned dir
sudo mkdir /migr && sudo chown -R zimbra:zimbra /migr && sudo chmod 775 /migr
sudo su - zimbra
/opt/zimbra/libexec/zmslapcat /migr/
# the dump holds every account's userPassword hash: delete /migr on both hosts when done
scp -r /migr newldap:
</syntaxhighlight>
On the new LDAP server:
<syntaxhighlight lang="bash">
sudo apt-get install -y slapd
sudo dpkg-reconfigure slapd #if you didn't just configure it
sudo service slapd stop
# Hand-editing slapd.d is officially unsupported (the file carries a CRC32 that slapd
# will complain about, though it still loads). olcRootPW accepts a hash from slappasswd
# as well as plaintext; prefer the hash, since the value sits readable on disk.
sudo vim /etc/ldap/slapd.d/cn\=config/olcDatabase\=\{0\}config.ldif #Add this line: olcRootPW: SomePlaintextPass
sudo service slapd start
sudo ldapadd -xD cn=admin,cn=config -W -f makerslocal.schema.ldif
Enter LDAP Password: (the plaintext one you provided above)
adding new entry "cn=makerslocal,cn=schema,cn=config"
</syntaxhighlight>
By the way, here is the makerslocal.schema.ldif file. Its OIDs live under 1.3.6.1.4.1.4203.666, which is OpenLDAP's experimental arc rather than an arc registered to Makers Local; that is acceptable for a private directory, but these numbers are not globally unique and nothing should be published under them.
<syntaxhighlight lang="bash">
dn: cn=makerslocal,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: makerslocal
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.80 NAME 'nfcID' DESC 'Serial number for NFC device or RFID tag' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.90 NAME 'usbSerial' DESC 'Serial number for USB Device' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.1.100 NAME 'Maker' DESC 'Member of Makers Local' SUP top AUXILIARY MAY ( usbSerial $ nfcID ) )
</syntaxhighlight>
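The olcRootPW step above stores the config root password in the clear. slapd accepts the hashed form that slappasswd prints for olcRootPW, and slappasswd's default scheme is {SSHA}: the literal prefix {SSHA} followed by base64(SHA-1(password || salt) || salt). What follows is an added example, not part of the wiki procedure or of OpenLDAP itself: it generates and verifies that form so a value can be produced or checked off-box, and flags an olcRootPW value that carries no scheme prefix. The password is the page's placeholder; the 8-byte salt length is this example's choice, the format does not fix it.

```python
"""{SSHA} for olcRootPW: generate and verify the RFC 2307 hashed form (added example)."""
import base64
import binascii
import hashlib
import hmac
import os

SCHEME = "{SSHA}"
DIGEST_LEN = 20          # SHA-1 digest size; the salt is whatever bytes follow it
SALT_LEN = 8             # this example's choice; the format does not fix the salt length


def ssha_hash(password, salt=None):
    """Return "{SSHA}" + base64(SHA-1(password || salt) || salt), random salt by default."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """Check a candidate password against a {SSHA} value; constant-time digest compare."""
    if not stored.startswith(SCHEME):
        return False
    try:
        raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    except binascii.Error:
        return False
    if len(raw) <= DIGEST_LEN:
        return False                                   # no room for a salt: malformed
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def is_plaintext_rootpw(value):
    """True when an olcRootPW value has no {scheme} prefix, i.e. slapd stores and compares it as-is."""
    return not (value.startswith("{") and "}" in value)


if __name__ == "__main__":
    stored = ssha_hash("SomePlaintextPass")            # the page's placeholder, not a real secret
    print("olcRootPW: " + stored)
    print("verifies:", ssha_verify("SomePlaintextPass", stored))
```

On the server itself, slappasswd -h '{SSHA}' produces the same kind of value; paste whichever you generate as the olcRootPW line instead of the plaintext, and bind with the original password as before.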
So now we import the actual members. First, copy ldap.bak (the file zmslapcat wrote into /migr) to ldap.bak.mod and delete everything above this line: "dn: dc=makerslocal,dc=org"
Since the import comes from Zimbra, the next step is a command I hacked together far too fast; honestly the whole procedure is a giant hack, but it got the job done. Reading left to right it drops every existing mail: line and promotes zimbraPrefMailForwardingAddress to mail, swaps objectClass zimbraAccount and structuralObjectClass organizationalPerson for inetOrgPerson, and removes every remaining line containing zimbra or amavis plus every line that begins with a space. That last grep is the risky one: a line starting with a space is an LDIF continuation of the previous line, so any value slapcat wrapped (it folds long lines by default) is silently truncated. And because all of these greps are line-based, they also remove any dn line that happens to contain zimbra or amavis, leaving the rest of that entry behind as attributes with no dn; that is exactly what the "entry has no dn" complaint in the dry run means.
<syntaxhighlight lang="bash">
# line-based: drops mail:, promotes the forwarding address to mail, swaps the
# Zimbra object classes for inetOrgPerson, then throws away every line that
# mentions zimbra or amavis and every LDIF continuation line (leading space)
grep -v 'mail:' ldap.bak.mod \
  | sed 's/zimbraPrefMailForwardingAddress/mail/' \
  | sed 's/objectClass\: zimbraAccount/objectClass\: inetOrgPerson/' \
  | grep -v zimbra \
  | grep -v '^ ' \
  | grep -v amavis \
  | sed 's/structuralObjectClass\: organizationalPerson/structuralObjectClass\: inetOrgPerson/' \
  > ldap.bak.strip
</syntaxhighlight>
Now edit ldap.bak.strip by hand (yes, I am serious) and delete the bogus entries that are left over. root and postmaster must go, for instance. Then there is an entry containing "cn: conference.makerslocal.org"; that whole entry has to go, along with the other short entries right next to it. Once those are gone, the first real entry will be our esteemed former sysadmin, brimstone. Save the file and we are ready for a dry run.
<syntaxhighlight lang="bash">
sudo service slapd stop
sudo slapadd -uvl ldap.bak.strip
</syntaxhighlight>
The dry run (-u) will most likely complain that there are more bogus entries. Use the line number it prints to find and remove each one. Without -c, slapadd stops at the first bad entry, so expect to repeat this a few times (add -c to keep going and see them all in one pass). The error for an orphaned entry looks like this:
<syntaxhighlight lang="bash">
548bf5c3 str2entry: entry -1 has no dn
slapadd: could not parse entry (line=614)
</syntaxhighlight>
So go edit the file and remove those.
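The pipeline above and the hand edits it forces are line-based, which is why the dry run keeps finding orphaned entries. What follows is an added example, not the wiki's own command: a Python rewrite of the same cleanup that works on whole LDIF entries. It rejoins continuation lines before matching, drops any entry whose dn line the greps would have removed instead of leaving its attributes behind, and drops the root, postmaster and conference.makerslocal.org entries the page names by uid/cn rather than by hand; "the other short entries right next to it" are not named on the page, so those still need the dry-run pass. SAMPLE_DUMP is a constructed dump in zmslapcat's shape, not real Makers Local data, and the drop lists are assumptions taken from the text of this page.

```python
import base64
import re
import sys

BASE_DN = "dc=makerslocal,dc=org"          # page: delete everything above this entry
DROP_ATTR_PREFIXES = ("zimbra", "amavis")   # page: grep -v zimbra / grep -v amavis
DROP_UIDS = {"root", "postmaster"}          # page: "root and postmaster must go"
DROP_CNS = {"conference.makerslocal.org"}   # page: "that whole entry has to go"
ATTR_LINE = re.compile(r"([A-Za-z][\w.;-]*)(::?) ?(.*)$")


def split_entries(text):
    """Entries as lists of logical lines; RFC 2849 continuation lines are rejoined."""
    entries, cur = [], []
    for raw in text.splitlines() + [""]:
        if raw.startswith(" ") and cur:
            cur[-1] += raw[1:]           # folded line: keep the value whole, do not drop it
        elif raw:
            cur.append(raw)
        elif cur:
            entries.append(cur)
            cur = []
    return entries


def parse_entry(lines):
    """[(attr, sep, value)] with sep ':' for text or '::' for base64."""
    matches = [ATTR_LINE.match(line) for line in lines]
    if not all(matches):
        raise ValueError("not an LDIF attribute line: %r" % lines[matches.index(None)])
    return [m.groups() for m in matches]


def first(triples, name):
    """Text value of the first attribute called `name` (base64 decoded), else None."""
    for attr, sep, value in triples:
        if attr.lower() == name:
            return base64.b64decode(value).decode("utf-8", "replace") if sep == "::" else value


def rewrite_entry(triples):
    """Apply the page's rewrites to one entry; None means drop the whole entry."""
    dn = first(triples, "dn")
    if dn is None or any(k in dn.lower() for k in DROP_ATTR_PREFIXES):
        return None                      # grep -v zimbra would have removed the dn line itself
    kept, seen_oc = [], set()
    for attr, sep, value in triples:
        a, v = attr.lower(), value.lower()
        if a == "mail" or (a.startswith(DROP_ATTR_PREFIXES) and a != "zimbraprefmailforwardingaddress"):
            continue                     # mail: is replaced by the forwarding address below
        if a == "zimbraprefmailforwardingaddress":
            attr = "mail"
        elif a == "objectclass":
            value = "inetOrgPerson" if v == "zimbraaccount" else value
            if value.lower().startswith(DROP_ATTR_PREFIXES) or value.lower() in seen_oc:
                continue                 # zimbra/amavis classes go; no duplicate values
            seen_oc.add(value.lower())
        elif a == "structuralobjectclass" and v == "organizationalperson":
            value = "inetOrgPerson"
        kept.append((attr, sep, value))
    if first(kept, "uid") in DROP_UIDS or first(kept, "cn") in DROP_CNS:
        return None
    return kept


def convert(text):
    """Cleaned LDIF for slapadd, starting at the BASE_DN entry (everything above it is skipped)."""
    blocks, started = [], False
    for triples in map(parse_entry, split_entries(text)):
        started = started or (first(triples, "dn") or "").lower() == BASE_DN
        kept = rewrite_entry(triples) if started else None
        if kept:
            blocks.append("\n".join("%s%s %s" % t for t in kept))
    return "\n\n".join(blocks) + "\n"


# Constructed sample in zmslapcat's shape, not real Makers Local data.
SAMPLE_DUMP = """\
dn: cn=zimbra
objectClass: organizationalRole

dn: dc=makerslocal,dc=org
objectClass: organization
objectClass: zimbraDomain
dc: makerslocal

dn: uid=brimstone,ou=people,dc=makerslocal,dc=org
objectClass: organizationalPerson
objectClass: zimbraAccount
objectClass: amavisAccount
uid: brimstone
cn: brimstone
mail: brimstone@makerslocal.org
zimbraPrefMailForwardingAddress: brimstone@example.net
zimbraMailStatus: enabled
userPassword:: e1NTSEF9bm90LWEtcmVhbC1oYXNo
description: a long value that slapcat folded onto a continua
 tion line, which grep -v '^ ' would silently truncate
structuralObjectClass: organizationalPerson

dn: uid=root,ou=people,dc=makerslocal,dc=org
uid: root

dn: cn=conference.makerslocal.org,dc=makerslocal,dc=org
objectClass: organizationalRole
cn: conference.makerslocal.org
"""

if __name__ == "__main__":  # usage: python3 this.py ldap.bak > ldap.bak.strip
    sys.stdout.write(convert(open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_DUMP))
```

Feed it ldap.bak directly (the "delete everything above dc=makerslocal" step is built in) and run the same slapadd -u dry run on the result; anything it still rejects is one of the unnamed leftovers and gets added to DROP_UIDS or DROP_CNS rather than edited out by hand.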
Perhaps someday you will get to the point where the dry run completes without errors. At that point do the real import, then start slapd again. One thing to check first: slapadd runs here as root, so the database files it writes under /var/lib/ldap end up root-owned, while Debian's slapd runs as the openldap user and will not be able to write to a database it does not own; chown the database directory back to openldap if that happened.
<syntaxhighlight lang="bash">
sudo service slapd stop && sudo slapadd -vl ldap.bak.strip && sudo service slapd start
blah blah blah
-#################### 100.00% eta   none elapsed            spd  45.8 k/s
Closing DB...
Starting OpenLDAP: slapd.
</syntaxhighlight>
I haven't really done anything else so far, including perms and such on the db, but we're getting there I guess.