How to migrate local users to LDAP accounts

This article covers how to migrate local users to LDAP accounts; see also the guide on configuring LDAP on CentOS 7 / RHEL 7.
The steps should also work on other Linux distributions.
Below are the LDAP domain details.
Domain: itzgeek.local
Admin: ldapadm
OU: People, Group
Server Name: server.itzgeek.local
IP Address: 192.168.12.15
Create local users:
To test the migration, we need some local accounts on the machine. Create local users with the following commands.
useradd ldpuser1
useradd ldpuser2
useradd ldpuser3
Set the password for the created users.
echo "pass" | passwd --stdin ldpuser1
echo "pass" | passwd --stdin ldpuser2
echo "pass" | passwd --stdin ldpuser3
Packages:
Install the below package to support the migration of local users to LDAP.
yum -y install migrationtools
Export users:
Export the created users and groups to files.
grep "ldpuser" /etc/passwd > /root/users
grep "ldpuser" /etc/group > /root/groups
Repeat the same steps for any remaining users.
Setup MigrationTools:
Edit "/usr/share/migrationtools/migrate_common.ph" and update it with the domain details.
$DEFAULT_MAIL_DOMAIN = "itzgeek.local";
$DEFAULT_BASE = "dc=itzgeek,dc=local";
Also set the following to 1 so that the generated entries include the more general object classes such as person.
$EXTENDED_SCHEMA = 1;
Convert users and groups:
Now convert the users and groups file into LDAP Data Interchange Format (LDIF).
/usr/share/migrationtools/migrate_passwd.pl /root/users /root/users.ldif
/usr/share/migrationtools/migrate_group.pl /root/groups /root/groups.ldif
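As an added example (not part of this article or of the migrationtools package), the following Python script reproduces the mapping that migrate_passwd.pl and migrate_group.pl perform: a passwd line plus its shadow line becomes a posixAccount/shadowAccount entry under ou=People, and a group line becomes a posixGroup under ou=Group. The base DN and mail domain are the values set in migrate_common.ph above; the sample passwd, shadow and group lines and the password hash are constructed placeholders. It adds one check of its own: an account whose shadow entry has no password is refused, so a passwordless local account cannot silently become a passwordless directory account.

```python
"""Build LDIF for local accounts in the layout migrationtools emits.
Example code added for this article; it is not migrate_passwd.pl/migrate_group.pl,
only a Python rendering of the same attribute mapping."""
import base64

BASE_DN = "dc=itzgeek,dc=local"   # same as $DEFAULT_BASE in migrate_common.ph
MAIL_DOMAIN = "itzgeek.local"     # same as $DEFAULT_MAIL_DOMAIN in migrate_common.ph

# Constructed sample input (one line each from /etc/passwd, /etc/shadow, /etc/group).
# The shadow hash is a made-up placeholder, not a real password hash.
PASSWD_LINE = "ldpuser1:x:1000:1000::/home/ldpuser1:/bin/bash"
SHADOW_LINE = "ldpuser1:$6$SALTSALT$PLACEHOLDERHASH:17114:0:99999:7:::"
GROUP_LINE = "ldpuser1:x:1000:"


def ldif_line(name, value):
    """LDIF needs base64 ('name:: ...') when a value is not a SAFE-STRING:
    non-ASCII or control characters, or a leading space, ':' or '<'."""
    if value and (value[0] in " :<" or not all(0x20 <= ord(c) < 0x7F for c in value)):
        return f"{name}:: {base64.b64encode(value.encode()).decode()}"
    return f"{name}: {value}"


def password_status(hash_field):
    """Classify the hash field of a shadow entry before it is copied into the directory."""
    if hash_field == "":
        return "empty"     # no password at all; must not become an LDAP account as-is
    if hash_field.startswith(("!", "*")):
        return "locked"    # crypt can never match this, so the lock survives migration
    return "set"


def passwd_to_ldif(passwd_line, shadow_line):
    """One posixAccount/shadowAccount entry under ou=People from a passwd + shadow line."""
    uid, _, uid_number, gid_number, gecos, home, shell = passwd_line.rstrip("\n").split(":")
    s_uid, s_hash, last_change, s_min, s_max, s_warn = shadow_line.rstrip("\n").split(":")[:6]
    if s_uid != uid:
        raise ValueError(f"shadow line is for {s_uid}, not {uid}")
    if password_status(s_hash) == "empty":
        raise ValueError(f"{uid}: refusing to migrate an account with no password")
    cn = gecos.split(",")[0].strip() or uid      # full name from GECOS, else the login
    fields = [
        ("dn", f"uid={uid},ou=People,{BASE_DN}"),
        ("uid", uid),
        ("cn", cn),
        ("sn", cn.split()[-1]),
        ("mail", f"{uid}@{MAIL_DOMAIN}"),
        ("objectClass", "person"),
        ("objectClass", "organizationalPerson"),
        ("objectClass", "inetOrgPerson"),
        ("objectClass", "posixAccount"),
        ("objectClass", "top"),
        ("objectClass", "shadowAccount"),
        ("userPassword", "{crypt}" + s_hash),    # hash copied as-is; server must support {CRYPT}
        ("shadowLastChange", last_change),
        ("shadowMin", s_min),
        ("shadowMax", s_max),
        ("shadowWarning", s_warn),
        ("loginShell", shell),
        ("uidNumber", uid_number),
        ("gidNumber", gid_number),
        ("homeDirectory", home),
    ]
    return "\n".join(ldif_line(n, v) for n, v in fields) + "\n"


def group_to_ldif(group_line):
    """One posixGroup entry under ou=Group; listed members become memberUid values."""
    name, _, gid_number, members = group_line.rstrip("\n").split(":")
    fields = [
        ("dn", f"cn={name},ou=Group,{BASE_DN}"),
        ("objectClass", "posixGroup"),
        ("objectClass", "top"),
        ("cn", name),
        ("gidNumber", gid_number),
    ]
    fields += [("memberUid", m) for m in members.split(",") if m]
    return "\n".join(ldif_line(n, v) for n, v in fields) + "\n"


if __name__ == "__main__":
    print(passwd_to_ldif(PASSWD_LINE, SHADOW_LINE))
    print(group_to_ldif(GROUP_LINE))
```

Run as root it could read the real /etc/passwd, /etc/shadow and /etc/group lines for the accounts being moved; the output is the same shape as the users.ldif and groups.ldif files that the next step feeds to ldapadd. Locked accounts ("!" or "*" in front of the hash) are carried over unchanged, which keeps them locked in the directory as well.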
Import the users and groups to LDAP database:
Now import the local users into the LDAP database using the following command.
ldapadd -x -W -D "cn=ldapadm,dc=itzgeek,dc=local" -f /root/users.ldif
Output:
Enter LDAP Password:
adding new entry "uid=ldpuser1,ou=People,dc=itzgeek,dc=local"
adding new entry "uid=ldpuser2,ou=People,dc=itzgeek,dc=local"
adding new entry "uid=ldpuser3,ou=People,dc=itzgeek,dc=local"
Now import the local groups into the LDAP database using the following command.
ldapadd -x -W -D "cn=ldapadm,dc=itzgeek,dc=local" -f /root/groups.ldif
Output:
Enter LDAP Password:
adding new entry "cn=ldpuser1,ou=Group,dc=itzgeek,dc=local"
adding new entry "cn=ldpuser2,ou=Group,dc=itzgeek,dc=local"
adding new entry "cn=ldpuser3,ou=Group,dc=itzgeek,dc=local"
Test LDAP server:
Issue the following command to search for a user “ldpuser1” in LDAP.
ldapsearch -x cn=ldpuser1 -b dc=itzgeek,dc=local
Output:
# extended LDIF
#
# LDAPv3
# base <dc=itzgeek,dc=local> with scope subtree
# filter: cn=ldpuser1
# requesting: ALL
#

# ldpuser1, People, itzgeek.local
dn: uid=ldpuser1,ou=People,dc=itzgeek,dc=local
uid: ldpuser1
cn: ldpuser1
sn: ldpuser1
mail: ldpuser1@itzgeek.local
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQ2JEdXTDV6UnlqJFpzU1RiYzBjUTVsUjZmTS9TMVRZd2pNY2pTWUw
 vLmZVbnZKSUxhSWdEb2MxMkJYVTVVd0V2SWVKNXN4bHZlR0x3SGRidjc2cjh2SzZQOERmSmUzT08w
shadowLastChange: 17114
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/ldpuser1

# ldpuser1, Group, itzgeek.local
dn: cn=ldpuser1,ou=Group,dc=itzgeek,dc=local
objectClass: posixGroup
objectClass: top
cn: ldpuser1
userPassword:: e2NyeXB0fXg=
gidNumber: 1000

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2
To print every entry under the base DN:
ldapsearch -x -b dc=itzgeek,dc=local '(objectclass=*)'
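The search above was an anonymous one (ldapsearch -x with no bind DN) and it returned the userPassword hashes, so the directory's access control currently lets anyone read them. After a migration it is worth checking that, and also whether the copied uidNumbers collide with accounts that stay local. As an added example (not part of this article or of migrationtools), the following Python script parses an ldapsearch LDIF dump, compares each migrated account's uidNumber, gidNumber, home directory and shell with its /etc/passwd line, reports userPassword values that came back to an anonymous bind, and lists uidNumber collisions. The dump, the passwd lines and the hash are constructed samples modelled on the output above.

```python
"""Check migrated accounts against an ldapsearch LDIF dump (example code added for
this article; not part of migrationtools or OpenLDAP)."""
import base64
import re

# Constructed sample, modelled on the article's anonymous ldapsearch output. The hash is a
# placeholder, and homeDirectory is folded onto two lines the way ldapsearch wraps values.
PLACEHOLDER_HASH = "{crypt}$6$PLACEHOLDER$NOTAREALHASH"
LDAP_DUMP = """\
# extended LDIF
# base <dc=itzgeek,dc=local> with scope subtree

# ldpuser1, People, itzgeek.local
dn: uid=ldpuser1,ou=People,dc=itzgeek,dc=local
uid: ldpuser1
cn: ldpuser1
objectClass: inetOrgPerson
objectClass: posixAccount
userPassword:: @@PW@@
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/ldpus
 er1

# ldpuser1, Group, itzgeek.local
dn: cn=ldpuser1,ou=Group,dc=itzgeek,dc=local
objectClass: posixGroup
cn: ldpuser1
gidNumber: 1000

# search result
search: 2
result: 0 Success
""".replace("@@PW@@", base64.b64encode(PLACEHOLDER_HASH.encode()).decode())

# Constructed /etc/passwd lines: the migrated user plus a local-only service account
# that happens to share uidNumber 1000 with it.
LOCAL_PASSWD = ["ldpuser1:x:1000:1000::/home/ldpuser1:/bin/bash",
                "svcacct:x:1000:1000::/home/svcacct:/sbin/nologin"]

ATTR_RE = re.compile(r"^([A-Za-z][\w.;-]*)(::?) ?(.*)$")


def parse_ldif(text):
    """One {attribute: [values]} dict per entry; unfolds continuation lines, decodes
    base64 ('::') values, skips comments and the search/result trailer."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]           # continuation of the previous line
        else:
            lines.append(raw)
    entries, current = [], None
    for line in lines:
        if line.startswith("#"):
            continue
        if not line.strip():
            if current:
                entries.append(current)
            current = None
            continue
        if line.startswith("dn:"):
            current = {}
        if current is None:
            continue                       # 'search:' / 'result:' lines after the last entry
        name, sep, value = ATTR_RE.match(line).groups()
        if sep == "::":
            value = base64.b64decode(value).decode("utf-8", "replace")
        current.setdefault(name, []).append(value)
    if current:
        entries.append(current)
    return entries


def posix_accounts(ldif_text):
    """Map uid -> entry for every posixAccount in the dump (groups are left out)."""
    return {e["uid"][0]: e for e in parse_ldif(ldif_text)
            if "posixAccount" in e.get("objectClass", [])}


def check_migration(ldif_text, passwd_lines, anonymous_bind=True):
    """Compare each local account with its LDAP entry and return a list of findings."""
    accounts, findings = posix_accounts(ldif_text), []
    for line in passwd_lines:
        name, _, uid_number, gid_number, _, home, shell = line.split(":")
        entry = accounts.get(name)
        if entry is None:
            findings.append(f"{name}: no posixAccount entry in LDAP")
            continue
        for attr, local in (("uidNumber", uid_number), ("gidNumber", gid_number),
                            ("homeDirectory", home), ("loginShell", shell)):
            if entry.get(attr, [None])[0] != local:
                findings.append(f"{name}: {attr} is {entry.get(attr)} in LDAP, {local} locally")
        if anonymous_bind and "userPassword" in entry:   # hash visible without authenticating
            findings.append(f"{name}: userPassword returned to an anonymous bind")
    return findings


def uid_collisions(ldif_text, passwd_lines):
    """(uidNumber, local name, LDAP name) where two differently named accounts share a uid."""
    owner = {e["uidNumber"][0]: uid for uid, e in posix_accounts(ldif_text).items()}
    return [(u, n, owner[u]) for n, _, u in (l.split(":")[:3] for l in passwd_lines)
            if owner.get(u) not in (None, n)]
```

On a real host, feed it the saved output of the ldapsearch command above and the lines from /root/users (plus the rest of /etc/passwd for the collision check). A collision means two different names resolve to the same uid once the LDAP client is enabled, so the local account should be removed or renumbered before that. A userPassword finding is fixed on the OpenLDAP side with an access rule on that attribute, typically to attrs=userPassword by self write by anonymous auth by * none, which still lets binds authenticate while keeping the hashes unreadable.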
That’s All.