[svlug] I need OpenLDAP help...
Philip Martin
phillip.martin at gmail.com
Fri Mar 13 21:44:27 PST 2009
As others have said, use the -L option. Make sure you bind as an
admin dn (or some other dn with read permission on the entire
database). It depends on the access restrictions in place, but
otherwise you won't get things like the userPassword field.
On Mar 13, 2009, at 9:58 PM, "Pat Power" <pat at powerville.net> wrote:
>
>
> I sort of thought that it wasn’t running OpenLDAP even though he
> installed it!
>
>
>
> So, can I assume that an ldapsearch -x -b 'dc=foo,dc=com' '(objectclass=*)'
> will dump everything in the database in the “ldif” format for slapadd to
> read on the new server? And are there any tricks to importing it?
>
>
>
> Thanks!
>
> -pat
>
>
>
>
>
> From: Philip Martin [mailto:phillip.martin at gmail.com]
> Sent: Friday, March 13, 2009 5:02 PM
> To: Pat Power
> Cc: SVLUG
> Subject: Re: [svlug] I need OpenLDAP help...
>
>
>
> A couple things:
>
>
>
> That old host is not running openldap. If I had to guess, I'd say it
> was fedora directory server.
>
>
>
> You can bind as some dn that has universal read access and do a
> ldapsearch. The format you get from that should be usable by
> slapadd. Since the old server is not openldap slapcat will be
> useless there. There may be other export tools available in fedora
> directory server, but I'm not knowledgeable enough to say off the top
> of my head.
>
> -Philip
>
>
> On Mar 13, 2009, at 4:30 PM, Pat Power <pat at powerville.net> wrote:
>
>
> OK, the lsof did show me the binary and a config directory, but not
> the config file. And the -n does suppress
> the translation (thanks Bill).
>
> /etc/dirsrv/admin-serv:
> adm.conf admpw admserv.conf console.conf httpd.conf local.conf nss.conf
>
> /etc/dirsrv/config:
> certmap.conf slapd-collations.conf
>
> /etc/dirsrv/schema:
> 00core.ldif    10presence.ldif    28pilot.ldif          50ns-directory.ldif  60pam-plugin.ldif
> 01common.ldif  10rfc2307.ldif     30ns-common.ldif      50ns-mail.ldif       99user.ldif
> 05rfc2247.ldif 20subscriber.ldif  50ns-admin.ldif       50ns-value.ldif
> 05rfc2927.ldif 25java-object.ldif 50ns-certificate.ldif 50ns-web.ldif
>
> /etc/dirsrv/slapd-engsrv06:
> cert8.db     dse.ldif     dse.ldif.startOK  key3.db secmod.db
> certmap.conf dse.ldif.bak dse_original.ldif schema  slapd-collations.conf
>
>
> I'm not sure that I need the conf file if I just want to dump the
> database to import on the new server, right?
>
> I am able to do a ldapsearch and see the data. Is there a way, with
> or without slapcat, to export the database
> for import to the "new" server?
>
>
> Thanks,
> -pat
>
>
> Philip Martin wrote:
>
>
>
> Ah ha. The output of netstat uses /etc/services to replace port
> numbers with service names. That is indeed the pid and executable
> name you want. From there you can use lsof to track down the config
> file and the location of the binary.
>
> -Philip
>
>
> On Mar 13, 2009, at 11:31 AM, Pat Power <pat at powerville.net> wrote:
>
> Hi Philip,
>
> Thanks for the response!
>
> This seems to be getting stranger by the minute... First, I do know
> that the client machines are pointing to this machine
> for LDAP. But, I don't see anything on port 389?! I do see the
> following (in red):
>
>
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address                Foreign Address  State   PID/Program name
> tcp   0      0      localhost:20032              *:*              LISTEN  3102/nvcmgr
> tcp   0      0      localhost:2208               *:*              LISTEN  3079/hpiod
> tcp   0      0      *:nfs                        *:*              LISTEN  -
> tcp   0      0      *:netgw                      *:*              LISTEN  13705/rpc.rquotad
> tcp   0      0      *:9830                       *:*              LISTEN  2763/httpd.worker
> tcp   0      0      *:omirr                      *:*              LISTEN  3172/rpc.rquotad
> tcp   0      0      *:5801                       *:*              LISTEN  5290/Xvnc
> tcp   0      0      *:5901                       *:*              LISTEN  5290/Xvnc
> tcp   0      0      *:sunrpc                     *:*              LISTEN  13675/portmap
> tcp   0      0      *:6001                       *:*              LISTEN  5290/Xvnc
> tcp   0      0      *:krb5_prop                  *:*              LISTEN  13719/rpc.mountd
> tcp   0      0      *:veritas_pbx                *:*              LISTEN  2640/pbx_exchange
> tcp   0      0      localhost:arbortext-lm       *:*              LISTEN  2640/pbx_exchange
> tcp   0      0      192.168.10.2:domain          *:*              LISTEN  2538/named
> tcp   0      0      engsrv06.eng.datalan:domain  *:*              LISTEN  2538/named
> tcp   0      0      localhost:domain             *:*              LISTEN  2538/named
> tcp   0      0      *:bpcd                       *:*              LISTEN  3131/xinetd
> tcp   0      0      *:vopied                     *:*              LISTEN  3131/xinetd
> tcp   0      0      localhost:ipp                *:*              LISTEN  3119/cupsd
> tcp   0      0      localhost:smtp               *:*              LISTEN  3509/sendmail: acce
> tcp   0      0      *:nbdb                       *:*              LISTEN  3405/NB_dbsrv
> tcp   0      0      engsrv06.eng.datalanes:rndc  *:*              LISTEN  2538/named
> tcp   0      0      localhost:rndc               *:*              LISTEN  2538/named
> tcp   0      0      *:bpjava-msvc                *:*              LISTEN  3131/xinetd
> tcp   0      0      *:58586                      *:*              LISTEN  -
> tcp   0      0      *:vnetd                      *:*              LISTEN  3131/xinetd
> tcp   0      0      localhost:54141              *:*              LISTEN  2640/pbx_exchange
> tcp   0      0      *:799                        *:*              LISTEN  13761/rpc.statd
> tcp   0      0      *:20031                      *:*              LISTEN  3147/nvnmgr
> tcp   0      0      localhost:2207               *:*              LISTEN  3084/python
> tcp   0      0      *:ldap                       *:*              LISTEN  2660/ns-slapd
> tcp   0      0      *:6001                       *:*              LISTEN  5290/Xvnc
> tcp   0      0      *:ssh                        *:*              LISTEN  3108/sshd
>
> I also don't see any ldap service being started: nothing in the rc
> scripts, nothing in xinetd.d.
>
>
> -pat
>
>
> Philip Martin wrote:
>
>
>
> Start with a netstat -tlp and look at what is listening on port
> 389. That's your ldap server. Take note of its pid. Then a
> 'lsof -p <pid>' should show you what files it has open, including its
> config file. You could also try 'rpm -qf /path/to/running/ldap/server'
> to see what package that server is from (assuming it is from
> an rpm).
>
>
>
> Also note that slapcat/slapadd are meant to be used while the ldap
> server is stopped, not while it is running.
>
>
>
> HTH,
>
>
>
> -Philip
>
>
>
>
> On Mar 13, 2009, at 9:26 AM, Pat Power <pat at powerville.net> wrote:
>
> Hi,
>
> I have been asked to move the LDAP server to a different machine.
> This was setup by someone else
> that is no longer available to ask questions.
>
> The "current" machine is running CentOS 5.2, the "new" machine is
> running RHEL 5.2 and both have
> openldap-2.3.27. The current machine also has and uses smbldap for
> adding and modifying users & groups.
>
> I have LDAP up and running on the new server, and now I need to move
> the database over.
>
> I have found the docs on slapcat & slapadd, but the current machine
> doesn't seem to be running slapd.
> The slapd.conf file is unmodified from the install, and I am afraid
> to touch it and start slapd as it might
> do something bad to the current database.
>
> Can someone please help me get my head around this and point me in
> the right direction?
>
> Thanks!
> -pat
>
> _______________________________________________
> svlug mailing list
> svlug at lists.svlug.org
> http://lists.svlug.org/lists/listinfo/svlug
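
Added example, not part of the original thread: a pre-import check for the point made in the top reply, that an export taken without sufficient read access silently omits userPassword. It parses an LDIF dump (folded lines and base64 "::" values included) and lists account entries that came out without a password; the sample data, function names and the ACCOUNT_CLASSES list are assumptions made for illustration.

```python
import base64

# Constructed sample in the shape ldapsearch -L prints (not data from the thread).
# bob's DN is folded across two lines and his entry has no userPassword.
SAMPLE_LDIF = (
    "version: 1\n\n"
    "dn: dc=foo,dc=com\nobjectClass: dcObject\ndc: foo\n\n"
    "dn: uid=alice,ou=People,dc=foo,dc=com\nobjectClass: posixAccount\n"
    "userPassword:: " + base64.b64encode(b"{SSHA}constructed").decode() + "\n\n"
    "dn: uid=bob,ou=People,dc=foo,\n dc=com\nobjectClass: posixAccount\n\n"
    "# search result\nsearch: 2\nresult: 0 Success\n"
)

# Assumption: object classes that mark an entry as a login account.
ACCOUNT_CLASSES = {"posixaccount", "inetorgperson", "person"}


def parse_ldif(text):
    """Return entries as dicts: lowercase attribute name -> list of bytes values."""
    lines = []
    for raw in text.splitlines():
        # A line starting with one space continues the previous line.
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:          # trailing "" flushes the last block
        if not line:
            if "dn" in current:        # drops "version:" and search-result blocks
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):   # "attr:: <base64>"
                value = base64.b64decode(rest[1:].strip())
            else:
                value = rest.strip().encode()
            current.setdefault(attr.lower(), []).append(value)
    return entries


def accounts_missing_password(entries):
    """DNs of account entries that were exported without userPassword."""
    missing = []
    for entry in entries:
        classes = {v.decode().lower() for v in entry.get("objectclass", [])}
        if classes & ACCOUNT_CLASSES and "userpassword" not in entry:
            missing.append(entry["dn"][0].decode())
    return missing
```

A few accounts without userPassword can be legitimate; if every account is listed, the bind DN used for the export most likely had no read access to that attribute.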