Solaris 8 with OpenLDAP: Populating OpenLDAP

Populating OpenLDAP with posixAccounts

Now you need to write a script that generates the LDIF file from an /etc/passwd file.

Here is a sample script which you can use. You'll notice that it's a PHP script. If you don't have PHP, you can download it from the Scripts section.

  • you will need to modify the "SUFFIX" define at the top of the script
  • This script will NOT import users with a UID less than 100.
#!/usr/local/bin/php -q

define(SUFFIX, "dc=viawest, dc=net");


if ($argc < 2)
    exit("usage: $argv[0] passwd-file\n");

if (! ($f = fopen($argv[1], "r")))
    exit("Coudln't open '$argv[1]' for read\n");

while (! feof($f))
    $line = chop(fgets($f, 10240));
    if (feof($f))
    $pwent = explode(":", $line);
    if ($pwent[2] < 100)
    $e = 0;
    $ldifent[$e++] = "dn: uid=$pwent[0], ou=People, " . SUFFIX . "\n";

    $ldifent[$e++] = "objectClass: top\n";

    $ldifent[$e++] = "objectClass: posixAccount\n";

    $ldifent[$e++] = "objectClass: shadowAccount\n";

    $ldifent[$e++] = "uid: $pwent[0]\n";

    if ($pwent[1])
        $ldifent[$e++] = "userPassword: {crypt}$pwent[1]\n";
    else {
        $ldifent[$e++] = "userPassword: {crypt}*NP*\n";

    $ldifent[$e++] = "uidNumber: $pwent[2]\n";

    $ldifent[$e++] = "gidNumber: $pwent[3]\n";

    if ($pwent[4])
        $ldifent[$e++] = "gecos: $pwent[4]\n";
        $ldifent[$e++] = "gecos: $pwent[0]\n";

    if ($pwent[5])
        $ldifent[$e++] = "homeDirectory: " . $pwent[0] . "\n";
        $ldifent[$e++] = "homeDirectory: /\n";

    if ($pwent[6])
        $ldifent[$e++] = "loginShell: $pwent[6]\n";
        $ldifent[$e++] = "loginShell: /bin/noshell\n";

    $ldifent[$e++] = "cn: $pwent[0]\n";
    for ($ctr = 0; $ctr < count($ldifent); $ctr++)
        if ($ldifent[$ctr])
            echo $ldifent[$ctr];
    echo "shadowlastchange: -1\n";
    echo "shadowmin: -1\n";
    echo "shadowmax: -1\n";
    echo "shadowwarning: -1\n";
    echo "shadowinactive: -1\n";
    echo "shadowexpire: -1\n";
    echo "shadowflag: -1\n";
    echo "description: -1\n\n";
Name this program passwd2ldif, make it executable, and issue the following command:
# ./passwd2ldif /etc/passwd > import.ldif
This should generate an LDIF file which you can import into your directory server. To perform the import, first stop the directory server. Then issue the command:
# /etc/init.d/slapd stop
# slapadd -n 1 -l import.ldif
# /etc/init.d/slapd start
Start slapd and now your directory server should contain all of the entries included in the LDIF.

Now you can test your LDAP server by trying to search for a user. To search use, the ldapsearch command. To search for a user with the username edk, type:

ldapsearch -D cn=solaris,ou=ldapusers,dc=viawest,dc=net -W \
    -b ou=People,dc=viawest,dc=net 'uid=edk'
    -D = The BindDN to use when binding to the directory server
    -W = Prompt for a password
    -b = The search BaseDN
    The last parameter is the search filter to use.

You will be prompted for a password. If you used the base.ldif file which I provided, the password is abc123. Your search should return something to the effect of:

dn: uid=edk, ou=People, dc=viawest,dc=net
objectClass: top
objectClass: posixaccount
objectClass: shadowaccount
uid: edk
userPassword:: SiqSAjIjPq2jA2jOls49AlKDJzL=
uidNumber: 1000
gidNumber: 100
gecos: Eric Kilfoil
homeDirectory: /export/home/edk
loginShell: /usr/bin/bash
cn: edk
shadowLastChange: -1
shadowMin: -1
shadowMax: -1
shadowWarning: -1
shadowInactive: -1
shadowExpire: -1
shadowFlag: -1
description: -1
Notice that the userPassword attribute is base64 encoded. This is because of the userPassword attribute definition and this is normal. You can use a base64 decoder to view the actual information stored in the userPassword attribute.

Previous: Configuring OpenLDAP | Next: Configuring Solaris