I finally had time to look at migrating LDAP from squeeze to wheezy again, and discovered a few problems with my initial approach. The script ldap-migrate-squeeze-wheezy in is now updated to handle more LDAP object types (user, filegroups, netgroups, sudo roles, hosts), and also include a recipe to get the kerberos part of the users migrated betewen servers.
The problem I discovered was that the krbPrincipalKey attribute is not usable between kerberos servers, as it contain the users password encrypted with the server master key. Without also copying the old servers master key, the users are unable to log in. See the usage information in the script to see how to do this. I am very grateful to Russ Allbery and Sam Hartman, the kerberos maintainers in Debian, for their clues on how to migrate kerberos users from the old to the new server. The script isn't well tested, but my initial testing tell me it should work. I hope it will work for you too. :) -- Happy hacking Petter Reinholdtsen -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
