LDAP接管Linux登录认证[图文](3)

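4. 迁移 /etc/group 中的某个组
将 /etc/group 中指定组的条目转换为 LDIF 格式,再将该 LDIF 文件导入 LDAP 数据库。
注意:grep ldap 会匹配所有包含 "ldap" 的行,所以下面先用 cat group.in 确认文件里只有要迁移的组。ldapadd 的 -x 表示简单绑定,-W 输入的管理员密码在未启用 TLS 的连接上以明文传输;若 LDAP 服务器不在本机,应使用 ldaps:// 或 StartTLS(-ZZ)。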
[root@vmmac migration]# cat /etc/group | grep ldap > group.in

[root@vmmac migration]# cat group.in
ldap:x:55:
 
[root@vmmac migration]# ./migrate_group.pl group.in > group.ldif

[root@vmmac migration]# cat group.ldif
dn: cn=ldap,ou=Group,dc=otas,dc=cn
objectClass: posixGroup
objectClass: top
cn: ldap
userPassword: {crypt}x
gidNumber: 55
 
[root@vmmac migration]# ldapadd -x -D "cn=root,dc=otas,dc=cn" -W -f group.ldif
Enter LDAP Password:
adding new entry "cn=ldap,ou=Group,dc=otas,dc=cn"
 
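5. 迁移 /etc/passwd 中的用户
注意:passwd.in 中的密码字段只是 x,而生成的 passwd.ldif 中出现了 userPassword 和 shadowLastChange,说明脚本还读取了 shadow 信息。迁移真实用户时该文件会包含口令哈希,应限制其访问权限,并在导入后删除。
[root@vmmac migration]# cat /etc/passwd | grep ldap > passwd.in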

[root@vmmac migration]# cat passwd.in
ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false
 
[root@vmmac migration]# ./migrate_passwd.pl passwd.in > passwd.ldif

[root@vmmac migration]# cat passwd.ldif
dn: uid=ldap,ou=People,dc=otas,dc=cn
uid: ldap
cn: LDAP User
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}!!
shadowLastChange: 14182
loginShell: /bin/false
uidNumber: 55
gidNumber: 55
homeDirectory: /var/lib/ldap
gecos: LDAP User
 
[root@vmmac migration]# ldapadd -x -D "cn=root,dc=otas,dc=cn" -W -f passwd.ldif
Enter LDAP Password:
adding new entry "uid=ldap,ou=People,dc=otas,dc=cn"
 
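6. 检查 LDAP 数据库,确认上面插入的记录是否存在
注意:ldapsearch -x 没有指定 -D,属于匿名绑定;下面的输出表明匿名查询也能读到 userPassword 属性(base64 解码后即 {crypt}x 和 {crypt}!!)。这里只是占位值,但迁移真实用户后同样会把口令哈希暴露给匿名用户,应在 slapd 的访问控制中限制该属性,例如:access to attrs=userPassword by self write by anonymous auth by * none
[root@vmmac migration]# ldapsearch -x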
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# otas.cn
dn: dc=otas,dc=cn                        根
dc: otas
objectClass: top
objectClass: domain

# People, otas.cn                        user ou
dn: ou=People,dc=otas,dc=cn
ou: People
objectClass: top
objectClass: organizationalUnit

# Group, otas.cn                         group ou
dn: ou=Group,dc=otas,dc=cn
ou: Group
objectClass: top
objectClass: organizationalUnit

# ldap, Group, otas.cn                  ldap group otas.cn
dn: cn=ldap,ou=Group,dc=otas,dc=cn       组条目是cn=ldap
objectClass: posixGroup
objectClass: top
cn: ldap
userPassword:: e2NyeXB0fXg=
gidNumber: 55

# ldap, People, otas.cn                ldap people otas.cn
dn: uid=ldap,ou=People,dc=otas,dc=cn      user 条目是uid=ldap
uid: ldap
cn: LDAP User
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSEh
shadowLastChange: 14182
loginShell: /bin/false
uidNumber: 55
gidNumber: 55
homeDirectory: /var/lib/ldap
gecos: LDAP User

# search result
search: 2
result: 0 Success

# numResponses: 6
# numEntries: 5
[root@vmmac migration]#
 
