Aaron Stone wrote:
> On Fri, Jul 13, 2007, Paul J Stevens <[EMAIL PROTECTED]> said:
>
>> Geir Voll Nielsen wrote:
>>> Hi,
>>>
>>> I am currently investigating the possibility to migrate all user
>>> information from mysql to ldap (and then authenticate against ldap). Is
>>> it possible to do such a migration? Has anybody done it?
>>>
>>
>> Yep. No real problems. Only caveat: what encoding type are your
>> passwords? If they are crypt or plaintext you can insert them into ldap
>> as-is.
>>
>> Also, creating users in ldap will most likely use different uidNumber
>> values than you currently have as user_idnr in dbmail_users. So after
>> you create an ldap user, you must make sure the user_idnr in the sql
>> table is updated to match the uidNumber in ldap.
>
> That's in fact the crucial issue. Both the username and the user_idnr must
> match between the sql and the ldap. When a new user is created in ldap, a
> shadow user is created in sql with the same name and user_idnr.
>
> You can't just update the dbmail_users table to change the user_idnr
> because the foreign keys in the mailboxes table will cause the user's
> mailboxes to be detached and then removed.

Wrong, *because* of the constraints it is in fact absolutely necessary to
change the user_idnr in the dbmail_users table. It's what I do, whenever I
migrate to ldap. Works perfectly, but only if you have the proper
constraints in place. They are part of the default schema.

>
> What you'll need to do is write a script that generates an ldif file from
> the dbmail_users table, then load that ldif file into the ldap server.
> It'll probably take a few tries before you can log in, but the good news
> (and I just re-read the code, so I think I have this right) is that we
> won't let you log in until both the password and the username-user_idnr
> pairs all match up with whatever is currently in the database.

That's correct. If there is a user in the sql database with the correct
userid, but with the wrong user_idnr login will fail.

>
> Good luck! Please post your script when you're done, I'm sure many people
> would be interested in seeing how to make this same transition.
>
> Aaron
> _______________________________________________
> DBmail mailing list
> [email protected]
> https://mailman.fastxs.nl/mailman/listinfo/dbmail
>

--
________________________________________________________________
Paul Stevens                                      paul at nfg.nl
NET FACILITIES GROUP                     GPG/PGP: 1024D/11F8CD31
The Netherlands________________________________http://www.nfg.nl
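
A sketch of the LDIF-generating script discussed in the thread, added here as an example and not code from DBMail or from any poster. It writes each user's existing user_idnr as uidNumber so the username/user_idnr pair matches from the start. The column set and encryption_type values, the object classes, BASE_DN, gidNumber and the OpenLDAP-style `{CRYPT}` prefix are all assumptions to adapt to your schema and directory server.

```python
import base64

BASE_DN = "ou=people,dc=example,dc=com"  # assumption: placeholder base DN

# Constructed sample rows standing in for
# SELECT user_idnr, userid, passwd, encryption_type FROM dbmail_users
SAMPLE_ROWS = [
    (7, "alice", "ab01FAX.bQRSU", "crypt"),                       # constructed hash
    (12, "bob", " secret", ""),                                   # plaintext, leading space
    (15, "carol", "5f4dcc3b5aa765d61d8327deb882cf99", "md5sum"),  # not portable as-is
]

def ldif_line(attr, value):
    """Format one attribute; base64-encode values that are not LDIF-safe (RFC 2849)."""
    safe = (value != "" and value[0] not in " :<" and not value.endswith(" ")
            and all(32 <= ord(c) < 127 for c in value))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def build_ldif(rows):
    """Return (ldif_text, skipped_userids) for rows of dbmail_users."""
    entries, skipped = [], []
    for user_idnr, userid, passwd, enc in rows:
        if enc == "crypt":
            # Hash carried over unchanged; the scheme tag is a server-side assumption.
            password = "{CRYPT}" + passwd
        elif enc == "":
            password = passwd  # plaintext, inserted as-is
        else:
            # Other encodings cannot be copied blindly: report them instead.
            skipped.append(userid)
            continue
        entries.append("\n".join([
            # Assumes userid needs no DN escaping (no commas, plus signs, etc.).
            ldif_line("dn", f"uid={userid},{BASE_DN}"),
            "objectClass: inetOrgPerson",
            "objectClass: posixAccount",
            ldif_line("uid", userid),
            ldif_line("cn", userid),
            ldif_line("sn", userid),
            f"uidNumber: {user_idnr}",  # must equal user_idnr or login fails
            "gidNumber: 10000",         # assumption: one shared mail group
            ldif_line("homeDirectory", f"/home/{userid}"),
            ldif_line("userPassword", password),
        ]))
    return "\n\n".join(entries) + "\n", skipped
```

Users returned in the skipped list keep their SQL-only credentials until their passwords are reset or converted, so review that list before switching authentication to LDAP.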
