Bjarne at Skolelinux Drift asked me how to migrate the LDAP database from Etch to Lenny, and one approach I would like to test is to write a script that connects to both LDAP databases, and let it read from one and insert into another.
I've written a draft script, but am unsure if there are more than users, groups, netgroups and automounts that should be copied, and if there are some transformations that should be done on the LDAP objects. User, group and netgroup objects seem to be identical in Etch and Lenny, but I am unsure if other objects have changed. Perhaps all objects not already in the Lenny database should be copied, instead of limiting it to only some objectclasses?

Anyway, here is a draft script. Completely untested, and with hardcoded host names and password strings. I very much welcome feedback on the approach.

#!/usr/bin/perl
#
# Script to migrate LDAP objects from a Debian Edu Etch database to a
# Lenny database.
#
# The user and group objects in Etch and Lenny are identical, so no
# editing is required to migrate these.
#
# http://quark.humbug.org.au/publications/ldap/ldap_tut.html

use strict;
use warnings;

use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_NO_SUCH_OBJECT);
use Data::Dumper;

my $etchserver = "localhost"; # drift.slxdrift.no
my $lennyserver = "localhost";
my $base = "dc=skole,dc=skolelinux,dc=no";
my $manager = "cn=admin,ou=People,$base";
my $password = 'secret';
my $uid = "test";

# Net::LDAP->new reports connection errors in $@, not $!.
my $ldapetch = Net::LDAP->new($etchserver) or
    die "Can't connect to ldap server $etchserver: $@\n";
$ldapetch->bind;

my $ldaplenny = Net::LDAP->new($lennyserver) or
    die "Can't connect to ldap server $lennyserver: $@\n";

# Stop before the admin password is sent if TLS could not be set up.
my $tls = $ldaplenny->start_tls();
$tls->code && die "start_tls failed: ", $tls->error, "\n";

my $bind = $ldaplenny->bind(
    dn => $manager,
    password => $password,
    );
$bind->code && die "bind failed: ", $bind->error, "\n";

migrate_users($ldapetch, $ldaplenny);
migrate_groups($ldapetch, $ldaplenny);

$ldaplenny->unbind;
$ldapetch->unbind;

sub copy_ldap_objects {
    my ($ldapetch, $ldaplenny, $filter) = @_;

    my($mesg) = $ldapetch->search(
        base => $base,
        filter => $filter);
    $mesg->code && die $mesg->error;
    foreach my $entry ($mesg->all_entries) {
        $entry->dump;
        # print Dumper($entry);
        my $dn = $entry->dn;

        # The DN is not an attribute, so a (dn=...) filter matches
        # nothing.  Look the entry up with a base-scoped search instead.
        print "F: $dn\n";
        my $found = $ldaplenny->search(
            base => $dn,
            scope => 'base',
            filter => '(objectclass=*)');
        # Only "no such object" means the entry is missing; any other
        # error must not be mistaken for a missing entry.
        $found->code && $found->code != LDAP_NO_SUCH_OBJECT
            && die $found->error;
        my $exist = 0 < $found->count;
        if (!$exist) {
            # Entries returned by a search are set up for modify, so
            # create them on the target with add() rather than update().
            #my $result = $ldaplenny->add($entry);
            #$result->code && warn "failed to add entry: ", $result->error;
            print "Want to add LDAP object:\n";
            $entry->dump;
        } else {
            print "Object for $dn exist, not adding\n";
        }
    }
}

sub migrate_users {
    my ($ldapetch, $ldaplenny) = @_;
    copy_ldap_objects($ldapetch, $ldaplenny, '(objectclass=posixAccount)');
}

sub migrate_groups {
    my ($ldapetch, $ldaplenny) = @_;
    copy_ldap_objects($ldapetch, $ldaplenny, '(objectclass=posixGroup)');
}

sub migrate_netgroups {
    my ($ldapetch, $ldaplenny) = @_;
    copy_ldap_objects($ldapetch, $ldaplenny, '(objectclass=nisNetgroup)');
}

sub migrate_automounts {
    my ($ldapetch, $ldaplenny) = @_;
    copy_ldap_objects($ldapetch, $ldaplenny, '(objectclass=automount)');
}

Happy hacking,
--
Petter Reinholdtsen
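
Added example, not part of the message above or of the Debian Edu code: an offline dry run, in Python, for the question of copying only selected objectclasses versus every object missing from the Lenny database. It compares two LDIF dumps (for instance slapcat output) without touching either server; the function names, the sample entries and the case-insensitive DN comparison are assumptions made for this illustration.

```python
import base64
import re

def normalize_dn(dn):
    # Assumption: RDN values compare case-insensitively (true for uid, cn, ou, dc).
    return ",".join(p.strip().lower() for p in re.split(r"(?<!\\),", dn))

def parse_ldif(text):
    """Parse LDIF text into {normalized_dn: {attribute: set_of_values}}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold a continuation line
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        if not line.strip():
            current = None                # a blank line ends the entry
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):     # "attr:: ..." carries base64 data
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            value, attr = value.strip(), attr.lower()
            if attr == "dn":
                current = entries.setdefault(normalize_dn(value), {})
            elif current is not None:
                current.setdefault(attr, set()).add(value)
    return entries

def missing_in_target(source, target, objectclasses=None):
    """DNs in source but not in target, optionally limited to some objectclasses."""
    wanted = {oc.lower() for oc in objectclasses or ()}
    return sorted(
        dn for dn, attrs in source.items()
        if dn not in target and (not wanted or wanted
            & {v.lower() for v in attrs.get("objectclass", ())}))

# Constructed sample dumps, not real Debian Edu data.
BASE = "dc=skole,dc=skolelinux,dc=no"
ETCH_LDIF = (f"dn: uid=test,ou=People,{BASE}\nobjectClass: posixAccount\n\n"
             f"dn: cn=students,ou=Group,\n {BASE}\nobjectClass: posixGroup\n\n"
             f"dn: ou=Printers,{BASE}\nobjectClass: organizationalUnit\n")
LENNY_LDIF = f"dn: CN=Students, ou=Group, {BASE}\nobjectClass: posixGroup\n"

if __name__ == "__main__":
    etch, lenny = parse_ldif(ETCH_LDIF), parse_ldif(LENNY_LDIF)
    print("limited:", missing_in_target(etch, lenny, ["posixAccount", "posixGroup"]))
    print("all:    ", missing_in_target(etch, lenny))
```

In the sample, the objectclass-limited run reports only the user entry, while the unrestricted run also reports ou=Printers, which is the difference between the two approaches the message asks about.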