[Samba] Copy *just* user accounts from LDAP?

Michal Dobroczynski michal.dobroczynski at gmail.com
Thu Jun 25 06:43:53 GMT 2009


2009/6/23 Adam Williams <awilliam at mdah.state.ms.us>:
> ldapsearch -v -x -h roark.mdah.state.ms.us -D
> "cn=Manager,dc=mdah,dc=state,dc=ms,dc=us" -w xxxxxxxx -b
> "ou=People,dc=mdah,dc=state,dc=ms,dc=us" > somefile
> scp somefile over.  load it with slapadd or ldapadd.

If you plan to use slapadd - then dump the LDAP database with the slapcat
command. It is the recommended way of exporting/importing data into
OpenLDAP. Then you can post-process the file and remove machine
accounts (I have them under ou=Computers for example).

For keeping account info in sync - you can always set up the easiest
replication scheme - slurpd. Comes as part of OpenLDAP. But that's for
the whole tree - if you wish to replicate only parts of it I think
syncrepl is the way to go (AFAIR slurpd can't perform selective
replication). Periodic slapcat/slapadd is a solution, but as the DB
will be growing it will be taking more and more time to set up the
database (depends on the number of entries, configured indexes etc.).
And during these DB syncs you have to disable slapd, which means samba
clients will also have problems connecting at that particular time.


> johnh at primebuchholz.com wrote:
>> Greetings All,
>> I have a Samba-controlled domain, with everything in LDAP.
>> I also have an off-site server that I rsync all our files to every couple
>> hours.
>> What I'd like to do is set up a new Samba domain on the off-site server so
>> users can log into it for disaster recovery purposes - and I'd like to keep
>> the user account information synchronized with the main server so users'
>> passwords are the same, etc. - while leaving behind workstation accounts,
>> etc.
>> Does anyone have any ideas on how best to approach this?  I guess what I'm
>> asking is, I'm OK with slapcat/slapadd'ing periodically from the main server
>> to the off-site server, but does anyone have ideas for how to filter just
>> the user accounts into the LDIF?
>> Thanks in advance,
>> -John

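An added example, not part of the original thread: one way to do the post-processing step described in the reply above, dropping every entry at or below ou=Computers from a slapcat-style LDIF dump while handling folded lines and base64-encoded DNs. The function names, the example.com DNs and the sample data are assumptions constructed for illustration.

```python
import base64
import re

def entries(ldif_text):
    """Yield each LDIF entry as a list of unfolded lines."""
    # RFC 2849 folding: a line starting with a single space continues the previous line.
    unfolded = ldif_text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        lines = [l for l in block.split("\n") if l and not l.startswith("#")]
        if lines:
            yield lines

def entry_dn(lines):
    """Return the entry's DN, decoding the base64 'dn::' form; None if absent."""
    for line in lines:
        if line.startswith("dn::"):
            return base64.b64decode(line[4:].strip()).decode("utf-8")
        if line.startswith("dn:"):
            return line[3:].strip()
    return None

def _norm(dn):
    # Simple normalisation (case, spaces around commas); not a full RFC 4514 parser.
    return re.sub(r"\s*,\s*", ",", dn.strip().lower())

def drop_subtrees(ldif_text, bases):
    """Return (ldif, kept_dns) without entries at or below any DN in bases."""
    bases = [_norm(b) for b in bases]
    kept = []
    for lines in entries(ldif_text):
        dn = entry_dn(lines)
        # Blocks without a DN (ldapsearch's version/search/result lines) are dropped too.
        if dn and not any(_norm(dn) == b or _norm(dn).endswith("," + b) for b in bases):
            kept.append((dn, lines))
    text = "".join("\n".join(lines) + "\n\n" for _, lines in kept)
    return text, [dn for dn, _ in kept]

# Constructed sample: a folded DN, a base64-encoded DN, and a machine account.
SAMPLE = (
    "dn: ou=People,dc=example,dc=com\nobjectClass: organizationalUnit\nou: People\n\n"
    "dn: uid=alice,ou=People,dc=exa\n mple,dc=com\nuid: alice\n\n"
    "dn:: " + base64.b64encode(b"uid=bob,ou=People,dc=example,dc=com").decode() + "\nuid: bob\n\n"
    "dn: ou=Computers,dc=example,dc=com\nou: Computers\n\n"
    "dn: uid=ws01$,ou=Computers,dc=example,dc=com\nuid: ws01$\n"
)

if __name__ == "__main__":
    print(drop_subtrees(SAMPLE, ["ou=Computers,dc=example,dc=com"])[0], end="")
```

The dump and the filtered file both carry the accounts' password hashes, so they need the same file permissions and transfer protection as the LDAP database itself.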