phpgroupware-developers
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Phpgroupware-developers] Migration of LDAP Accounts from 0.9.14 to 0.9.


From: Philipp Kamps
Subject: [Phpgroupware-developers] Migration of LDAP Accounts from 0.9.14 to 0.9.16
Date: Wed, 07 Apr 2004 15:45:00 +0200

Hi,

this text explains a step-by-step migration from old (0.9.14)
LDAP Accounts to the new version of LDAP Accounts/Groups (0.9.16).

This text is not perfect and I'm happy to include feedback.

Cheers, fips

==========

1. Make a backup of your existing LDAP
  - Make sure you are 'root'

  - Stop your LDAP server
    >/etc/init.d/slapd stop (debian)

  - Locate your LDAP repository directory and make a backup
    >tar cvzf ~/ldap_bak.tar.gz /var/lib/ldap

  - Restart your LDAP server
    >/etc/init.d/slapd start

2. Get all accounts/groups for the phpgw 0.9.14 in your LDAP

   - Search for all phpgw accounts
     -h <ldaphost>
     -D <bindDN>
      (you don't need this one if you allow anonymous access
       to your LDAP)
     -x simple bind
     -W ask for password
      (you don't need this one if you allow anonymous access
       to your LDAP)
     -b <baseDN> of your basedn with the phpgw accounts

   >ldapsearch -h localhost -D cn=Manager,dc=yourdomain,dc=yourcountry
-x -W -b ou=accounts,dc=yourdomain,dc=yourcountry
"(&(objectclass=phpgwAccount)(phpgwAccountType=u))" >
~/phpgwAccounts.ldif

   - Search for all phpgw groups
     Just change the 'u' to 'g' and the target file in the command:

   >ldapsearch -h localhost -D cn=Manager,dc=yourdomain,dc=yourcountry
-x -W -b ou=accounts,dc=yourdomain,dc=yourcountry
"(&(objectclass=phpgwAccount)(phpgwAccountType=g))" > ~/phpgwGroups.ldif

3. Delete all old 0.9.14 LDAP entries.
   - The easiest way to delete these entries is to use the gq
     application to delete the hole baseDN for your phpgw accounts and
     groups; and to only recreate this baseDN again.

   - Make sure you delete all addressbook entries in your LDAP as well.
     The new contact backend doesn't allow LDAP as a repository.
     Sorry for that.

4. Change LDAP schema
   - Once you have deleted all old phpgw 0.9.14 entries stop your
     LDAP server again.
   - Edit your LDAP server configuration file:
     >vi /etc/ldap/slapd.conf  (debian)
     
   - Locate following line in the config file:
     include         /etc/openldap/schema/phpgwaccount.schema

   - Change it to:
     include         /etc/openldap/schema/phpgroupware.schema

   - Locate following line in the config file:
     include         /etc/openldap/schema/phpgwcontact.schema
   - Remove this line

   - Restart your LDAP server

5. Adapt your exported ldif file for accounts:

   - Edit your exported phpgwAccounts.ldif file:
   >vi ~/phpgwAccounts.ldif

   - Each ldif entry (they are separated by a blank line)
     must be altered either by hand or by search/replace
     statements

   - Make sure each ldif entry only have following
     objectclasses:

     objectClass: posixAccount
     objectClass: account
     objectClass: phpgwAccount

    - Delete all lines with
      
      phpgwAccountType:
    
      at the beginning

    - Replace following attributes:
      
      phpgwAccountLastLogin:  to (->)  phpgwLastLogin:
      phpgwAccountLastLoginFrom: -> phpgwLastLoginFrom:

    - Add an additional attribute and give it the uidnumber value
    
      phpgwAccountID: <uidnumber of this ldap entry>

    - remove all line under following line:
      # search result

6. Adapt your exported ldif file for groups:

   - Make sure each ldif entry only have following
     objectclasses:

     objectClass: posixGroup
     objectClass: phpgwGroup

    - Delete all lines with
      
      phpgw
      userPassword:
    
      at the beginning

    - Add an additional attribute and give it the gidnumber value
    
      phpgwGroupID: <gidnumber of this ldap entry>

    - remove all line under following line:
      # search result

7. Import your accounts/groups to ldap again

    >ldapadd -h localhost -D cn=Manager,dc=yourdomain,dc=yourcountry -x
-W  -f ~/phpgwGroups.ldif

    >ldapadd -h localhost -D cn=Manager,dc=yourdomain,dc=yourcountry -x
-W  -f ~/phpgwAccounts.ldif







reply via email to

[Prev in Thread] Current Thread [Next in Thread]