Easing the pain of LDAP setup

Dax Kelson dax at gurulabs.com
Wed Jul 23 05:10:42 UTC 2003


Getting an LDAP directory set up as a NIS replacement is needlessly
difficult.

When setting up an LDAP directory, an early first step is importing your
existing accounts. The PADL.COM scripts are included with RHL now and
are the recommended way to get your LDAP directory populated.

I wrote a single script "ldapmigrate" (free software) that replaces all
the PADL.COM scripts. The advantages of "ldapmigrate" over the PADL
scripts are as follows:

1. My script doesn't have to run on the LDAP server itself, i.e., it can
migrate /etc/* over the network.

2. It can optionally bind to the LDAP server over SSL/TLS for security.

3. It is a SINGLE ~400 line script versus the ~27 PADL.COM Perl and
Bourne scripts that total over 3000 lines. (see note below)

4. It is driven via command line arguments and is self-documented via
--help. To use the PADL.COM scripts you must edit Perl scalar variables
in various spots *inside* the scripts.

5. You can easily select which /etc file you would like to migrate.

Finally getting to the point, I would love to have "ldapmigrate"
included in RHL to promote and encourage and ease the adoption of LDAP.
However, to do this I need the Net::LDAP module (it has a couple
dependencies) included in RHL first. Even without "ldapmigrate" the
Net::LDAP module would be a great addition.

Here is an RFE I opened in Feb 2002, please add comments if you see fit.

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=59225

Dax Kelson
Guru Labs
(RHCE, Solaris, CCNP certified FWIW)

Note: I see zero point in storing certain files in your LDAP directory
such as /etc/rpc or /etc/protocols. This contributes to the reduced size
of "ldapmigrate" vs the PADL scripts.
