Migrating from Apple OpenDirectory?
Michael Wood
esiotrot at gmail.com
Fri May 21 19:28:38 MDT 2010
On 22 May 2010 01:23, Andrew Bartlett <abartlet at samba.org> wrote:
> On Fri, 2010-05-21 at 17:44 +0200, Michael Wood wrote:
>> In case you've forgotten, I'm trying to get some users out of Open
>> Directory into Samba4 for authentication purposes.
>>
>> On 20 April 2010 04:54, Andrew Bartlett <abartlet at samba.org> wrote:
>> [...]
>> > Honestly, I'm not sure. You would need to write up a python script (I
>> > think) that would first import the users from the OpenDirectory
>> > (preserving their SIDs), and then extract the 'arcfour-hmac-md5' (type
>> > 23) key and set it into the unicodePwd attribute in Samba4's LDAP
>> > server.
>> >
>> > Once you have the data in the dump format, this may be easy to parse, or
>> > else it may be better to read it using Heimdal tools somehow.
>>
>> OK, I had some trouble with the stash file from the OS X box, but I
>> now have a dump file in the Heimdal dump format, so I can get at the
>> arcfour-hmac-md5 keys. Do I just shove those into the unicodePwd
>> attribute?
>
> Yes, as a 16 byte array (not hex encoded or anything, just raw in LDAP -
> you may need to base64 them if putting them in via LDIF).

Excellent :) Thanks, it seems to work.

I created a user with "net createuser" and then used "ldbmodify -H
/usr/local/samba/private/sam.ldb.d/DC=MY,DC=REALM.ldb" and fed it
something like this:

dn: CN=user,CN=Users,DC=MY,DC=REALM
changetype: modify
replace: unicodePwd
unicodePwd:: Tm9UIHJFYUxsWSBTb1JyWQ==
.

I got the base64 value to use by taking the hex-encoded value from the
Heimdal dump file and doing:

python -c 'print "0123456789ABCDEF0123456789ABCDEF".decode("hex").encode("base64")'

Now I just need to extract the relevant information out of Open
Directory's LDAP directory and create the corresponding objects in
Samba4 (using ldpmodify, I suppose).

Thanks for the help :)
--
Michael Wood <esiotrot at gmail.com>
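
The conversion described in the message above, generalized to several users, as an added example that is not part of the original post: it is Python 3 (the one-liner in the message is Python 2) and takes constructed (DN, hex key) pairs instead of parsing the Heimdal dump. The function names are hypothetical, and the "-" line that ends each modification follows RFC 2849.

```python
import base64
import binascii

NT_KEY_LEN = 16  # arcfour-hmac-md5 (type 23) keys are 16 raw bytes


def key_to_b64(hex_key):
    """Hex key from the dump -> base64 of the 16 raw bytes for LDIF."""
    try:
        raw = binascii.unhexlify(hex_key.strip())
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key is not valid hex: %s" % exc)
    if len(raw) != NT_KEY_LEN:
        # A wrong-length value would be stored but could never authenticate.
        raise ValueError("expected %d bytes, got %d" % (NT_KEY_LEN, len(raw)))
    return base64.b64encode(raw).decode("ascii")


def dn_line(dn):
    """LDIF needs base64 ('dn::') unless the value is plain, safe ASCII."""
    safe = (dn.isascii() and dn.isprintable()
            and dn[:1] not in ("", " ", ":", "<") and not dn.endswith(" "))
    if safe:
        return "dn: " + dn
    return "dn:: " + base64.b64encode(dn.encode("utf-8")).decode("ascii")


def unicodepwd_ldif(entries):
    """Build one 'replace: unicodePwd' record per (dn, hex_key) pair."""
    records = []
    for dn, hex_key in entries:
        records.append("\n".join([
            dn_line(dn),
            "changetype: modify",
            "replace: unicodePwd",
            "unicodePwd:: " + key_to_b64(hex_key),
            "-",  # ends this modification (RFC 2849)
        ]))
    # Records are separated by one blank line.
    return "\n\n".join(records) + "\n"


# Constructed sample: the DN and placeholder key shown in the message.
SAMPLE = [("CN=user,CN=Users,DC=MY,DC=REALM",
           "0123456789ABCDEF0123456789ABCDEF")]

if __name__ == "__main__":
    print(unicodepwd_ldif(SAMPLE), end="")
```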