[Patch] myldap-pub.py

Lukasz Zalewski lukas at dcs.qmul.ac.uk
Mon Sep 13 02:27:25 MDT 2010

On 09/10/2010 06:19 PM, Maurizio Marini Gmail wrote:
> On Fri, Sep 10, 2010 at 4:54 PM, Lukasz Zalewski<lukas at dcs.qmul.ac.uk>  wrote:
>> Its still very experimental, and in continuous development, so no docs, but
>> do as questions in samba technical regarding it :)
>> Yes in concept it is similar to vampire procedure, but its more of an manual
>> (and external) process. Its essentially an utility script. What the scripts
>> does is given existing samba3 ldap information (either in the form of an
>> ldif obtained through slapcat, or direct ldap connection) it will extract
>> all of the requested account information (Users,Computers,Groups) and
>> produce a samba4 friendly ldif that then can be imported into s4 using
>> ldbadd
> 2 questions :)
> 1.
> all my samba pdc are done with fedora-ds backend; do you think it is
> wortwhile to try to run your utility against an ldif export of
> fedora-ds?
> or it will fail for sure?
I have never used fedora-ds so can't say for sure. Looking at the 
fedora-ds specs i would guess it is possible
> 2.
> if during provisioning i use:
> --domain-sid=SID
> where SID is the SID of current domain, and then using your utility i
> import users and computers and groups, more or less I could migrate my
> samba3 domains trasparently to windows client?
Yes that is intention of the script - it allows migration of an existing 
s3 domain into s4. It also allows import of existing s3 accounts into 
new s4 domain
In addition the script provides custom search filters, use of file base 
diffs, or direct connection to ldap server, removal of some of the 
attributes pre, or post import, partial import (any combination of 
users,computers,groups or trusts - note trusts import are still TODO) 
and attribute value substitution.


> i cc the list, maybe someone other is interested on this issue (all
> who manage samba3 pdc, i suppose..)

More information about the samba-technical mailing list