0

I have an OpenLDAP server running on one of my ubuntu 8.10 servers. I used command-line only for OpenLdap installation and some basic configurations, everything else I'll configure with the Webmin gui tool. I'm trying to migrate to ubuntu 10.04 and I was able to migrate all other servies, application and databases but not the ldap.

I'm an ldap beginner:

I have installed OpenLDAP server and client on ubuntu 10.04 server using the link and used the following command to export and import ldap users and groups

To export from 8.10 server slapcat > ldap.ldif

To import to 10.04 server Stop ldap and slapadd -l ldap.ldif and Start ldap

Then I accessed Webmin and checked in Ldap users and groups and I could see all the users and groups of my old ldap server.Whenever I create an ldap user from the webmin(in 8.10 or 10.04) a unix user is also created with the home directory under /home. But the imported users in 10.04 from 8.10 are not present as a unix user(/etc/passwd). How could I make the ldap users available as a unix user, is there any perfect way to export and import?.

I also wanted to check the ldap users from the terminal that if password is exported properly but I don't know how to access the ldap users which are not available as unix users. On 8.10, I just use su - ldapuser and it is not working in the 10.04 as unix users are not created for the exported ldap users. If every thing works fine then the CVS works as it is using ldap authentication.

Anybody could help me?

user53864
  • 1,653
  • 8
  • 36
  • 66

1 Answers1

2

LDAP users will not be present in /etc/passwd. In a Unix system, /etc/passwd is only one of a number of places it can look for directory information, including users and groups. Where it looks is controlled by /etc/nsswitch.conf.

To see if you actually have successfully imported your users in a way Ubuntu understands, use the getent command to retrieve the current list of accounts:

getent passwd

If your LDAP directory has been correctly enabled, you will see a full list of all the users, formatted like a passwd file.

If that doesn't work, I'm afraid I can't help as I'm not familiar with webmin. Ubuntu 10.04 does make it pretty simple to enable LDAP auth from the command line, though, using auth-client-config:

https://wiki.ubuntu.com/AuthClientConfig

Insyte
  • 9,314
  • 2
  • 27
  • 45
  • Good information!. `getent passwd` listed the users(default users) and none of the users I imported are listed. Next you'll be saying I didn't properly import it, and I confess. Haa.... if you are in my place, what you would have done to export and import ldap users properly?. Thank you! – user53864 Mar 16 '11 at 07:51
  • It sounds like you probably did import them correctly. I assume that if you run `slapcat` on the new server, you see all of the imported LDAP accounts. If your system does not see them, that would imply that it is either not configured to look at LDAP for user information, or that it was expecting different LDAP fields. – Insyte Mar 16 '11 at 15:20
  • First, check the contents of `/etc/nsswitch.conf`. Is LDAP listed in the passwd, group, shadow lines? – Insyte Mar 16 '11 at 15:22
  • It seems to be solved. Your already gave the solution but I overlooked it i.e `auth-client-config`. I just accidentally referred the ubuntu10.04 ldap document and I saw something saying profile and when I used this `auth-client-config -t nss -p lac_ldap ` and just checked `su - ldapuser` and it switched. After that I tried `getent passwd` as you said and it listed all the ldap users I exported. The problem with you solution is, you are thinking you are assisting to an expert(I didn't what was that auth-client...) I felt like that but I am a kid in front of you and ldap. Awesome! thanks a lot! – user53864 Mar 16 '11 at 16:03
  • I've a small problem with the CVS. Actually there is an option(webmin) to enable so that whenever a ldap user is created, a CVS user(copies from ldap) will also be created. But it didn't create the cvs users when imported ldap user. When I manually create the ldap users(webmin) then it creates the cvs users. If you have any hints, please you can! – user53864 Mar 16 '11 at 16:10
  • 1
    It sounds like webmin is creating actual CVS users automatically when you use its interface. I'm not familiar with how that works. However, according to the article below, you should be able to tell your CVS server to just use the system accounts for authentication. See the section on "Adding and editing users," towards the bottom of the page. http://doxfer.webmin.com/Webmin/CVSServer – Insyte Mar 17 '11 at 04:09
  • yes, there we can create the cvs users similar to unix users(but not ldap) and has an option to copy the password from that particualr unix user. But when I create ldap user, a cvs user is automatically created but the cvs users are not created for the exported ldap users. Anyhow thank a lot for the links and thank you!. I try in the google if any way to export ldap users to cvs user! – user53864 Mar 17 '11 at 07:35