Transfer accounts from Linux to NetWare


The script below copies user account properties and password hashes from OpenLDAP on Linux to NetWare, so that users can log on to a NetWare server with the same user name and password they use on the Linux server.

·The properties transferred in the example are first name, last name, account name and password hash. The hash formats NetWare NMAS currently accepts as a simple password are Secure Hash (SHA), Salted Secure Hash (SSHA), digest-md5 (MD5) and Unix crypt (CRYPT). Samba hashes are not supported, so accounts whose userPassword uses any other scheme cannot be transferred this way.  
·Other properties can be transferred with minor changes to the script: the "ListOfProperties" parameter of the "Data.Get.LD.Find" command lists the source attributes to read, and each "Nov.DS.Object.SetProperty" command writes one property to the destination.  
·Accounts can be extracted from a single container, from a container including its subcontainers, or from the members of a group, by changing the parameters of the "Data.Get.LD.Find" command.  
·The accounts can be written to any destination container.  

Requirements
Local machine (where AdmWin executable runs)
·The SSL certificate of the Linux LDAP server, installed locally  
·Novell controls  
·NetWare client  
·The SSL certificate of the Novell LDAP server, installed locally  

Linux source server
·A Linux server running OpenLDAP 2.0 or higher, configured to accept SSL connections on port 636.  
·Full administrative privileges: the superuser "rootdn" must be enabled in slapd.conf, and its user name and password given in the LDAdminAccount and LDAdminPW variables in [Settings].  

NetWare destination server
·NetWare 6 or a later version, with  
·an NMAS version other than 2.3.4 or 2.3.4.1 (2.3.4.x has a password import bug). Type "m nmas" (omit the quotes) at the system console to check the version.  
·LDAP configured to accept SSL connections on port 636.  
·Full administrative privileges.  
·Log on to the NetWare server as admin from the NetWare client on the local machine before running the script.  
·The NetWare admin ID and password must also be given in the NDAdminAccount and NDAdminPW variables in [Settings].  
·Note that both admin passwords, and after the first step every user's password hash in the [Data] section, sit in clear text in the script file; protect the file like a password file and delete it when the transfer is done.  

Script

[Settings_Begin]
BatchSettings.Delimiter=TAB
BatchSettings.MarkerCol=6

// Linux source LDAP server: SSL must be enabled on port 636 and the server's SSL certificate must be installed locally
SET LDServer=ldap3.my-domain.com
// Directory root path
SET LDDomainPath=dc=com/dc=my-domain
// Linux LDAP superuser account (declared in the OpenLDAP server configuration file slapd.conf on the line that begins with "rootdn")
// The rootdn user is normally disabled for security reasons, so you may need to re-enable it for the duration of the transfer
SET LDAdminAccount=%LDDomainPath%/cn=ldapman
SET LDAdminPW=Password

// Linux source LDAP path
SET LDOUPath=%LDDomainPath%/ou=People
// Linux properties, format: Attrname§DataSectDstCol§[Attrname§DataSectDstCol§]
SET LDprop=givenName§1§sn§2§uid§3§cn§4§userPassword§5§   

// [Data] section columns, must match above LDprop, (notice MarkerCol reserved)
SET FirstName=%col1%
SET LastName=%col2%
SET AccountName=%col3%
SET CN=%col4%
SET Password=%col5%

// Novell destination LDAP server (SSL must be enabled on port 636), root path, admin account, password
SET NDServer=192.168.9.117
SET NDRoot=ASH\MyOrg\MyOU
SET NDAdminAccount=%NDRoot%\admin
SET NDAdminPW=Password
// Novell destination container
SET NDOUPath=%NDRoot%\OU3
// NDS password set on every created account (users never use it; they log on with the simple password imported below)
SET NDSpw=1a0_9ck-BxzA00+
[Settings_End]

[Init_Batch_Begin]
// Logon to Linux server, fill [Data] section with properties and passwords   
Lin.DS.Logon %LDServer%, %LDAdminAccount%, %LDAdminPW%   
Data.Get.LD.Find %LDOUPath%, (&(objectClass=posixAccount)(userPassword=*)), yes, %LDprop%   
// Delete [Data] rows without a valid password: Copy returns the 10th character of the value, so an empty result means the value is too short to be a hash   
Data.Loop   
 If Copy (%Password%, 10, 1)= Then   
  LogWindow.Write "%CN%" row deleted, no password.   
  Data.Row.Delete   
 EndIf   
Data.EndLoop      
Data.Show Transfer all these accounts?   
[Init_Batch_End]

[Batch_Begin]
// Logon to Novell LDAP server (required for Nov.LDAP.SetSimplePassword)   
Nov.LDAP.Logon %NDServer%, NDpathToLDAP(%NDAdminAccount%), %NDAdminPW%   
Data.Loop   
 // Create account for all rows in [Data] section   
 Nov.DS.Account.Create %NDOUPath%, %LastName%, %AccountName%, %NDSpw%   
 Nov.DS.Object.SetProperty %NDOUPath%\%AccountName%, Given Name, %FirstName%   
 // Linux password hash (Novell client > Advanced > NMAS > Sequence = simple password)   
 Nov.LDAP.SetSimplePassword NDpathToLDAP(%NDOUPath%\%AccountName%), %Password%   
Data.EndLoop   
[Batch_End]

[Data_Begin]
[Data_End]
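The following Python pre-flight check is an added example, not part of the original page or of AdmWin. It does offline what the [Init_Batch] section does with Data.Loop and Data.Row.Delete, and adds the checks worth running before hashes are pushed into NMAS: it parses an ldapsearch-style LDIF dump of the attributes listed in LDprop, reports each entry's userPassword scheme, keeps only the schemes the page lists as importable (SHA, SSHA, MD5, CRYPT), drops rows with no hash, and verifies an SHA/SSHA/MD5 value against a known cleartext so that a mistyped or truncated hash is caught before it becomes a user's simple password. The sample entries, salt, hashes and passwords are constructed; the hash layout follows OpenLDAP's RFC 2307 conventions ({SSHA} is base64(SHA1(password + salt) + salt), with the salt being whatever follows the 20-byte digest). The {CRYPT} string in the sample is a placeholder and is only classified, since verifying it needs the system crypt(3).

```python
import base64
import hashlib
import re

# Schemes the page lists as importable by NMAS as a simple password.
SUPPORTED_SCHEMES = {"SHA", "SSHA", "MD5", "CRYPT"}
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.+)$")
DIGEST = {"SHA": hashlib.sha1, "SSHA": hashlib.sha1, "MD5": hashlib.md5}


def make_hash(scheme, password, salt=b""):
    """RFC 2307 userPassword value: {SSHA}b64(sha1(pw+salt)+salt),
    {SHA}b64(sha1(pw)) or {MD5}b64(md5(pw)). Used here to build sample data."""
    if scheme == "SSHA":
        raw = hashlib.sha1(password.encode() + salt).digest() + salt
    elif scheme in ("SHA", "MD5"):
        raw = DIGEST[scheme](password.encode()).digest()
    else:
        raise ValueError("cannot build %s values here" % scheme)
    return "{%s}%s" % (scheme, base64.b64encode(raw).decode())


def classify(user_password):
    """Scheme name of a userPassword value, '' if missing or cleartext."""
    m = SCHEME_RE.match(user_password or "")
    return m.group(1).upper() if m else ""


def verify(user_password, candidate):
    """True if candidate is the password behind a {SHA}/{SSHA}/{MD5} value.
    {CRYPT} needs the system crypt(3) and is not verified here (False)."""
    scheme = classify(user_password)
    if scheme not in DIGEST:
        return False
    raw = base64.b64decode(user_password.split("}", 1)[1])
    if scheme == "SSHA":
        n = hashlib.sha1().digest_size  # the salt is whatever follows the digest
        return hashlib.sha1(candidate.encode() + raw[n:]).digest() == raw[:n]
    return DIGEST[scheme](candidate.encode()).digest() == raw


def parse_ldif(text):
    """Minimal LDIF reader: a blank line ends an entry; 'attr: value' and
    'attr:: base64' lines (ldapsearch emits userPassword in the latter form)."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode()
        current[attr.strip()] = value.strip()
    if current:
        entries.append(current)
    return entries


def select_rows(entries):
    """Mirror the script's [Init_Batch]: keep rows with an importable hash, drop
    rows without one, and also skip schemes NMAS cannot take. Returns
    (rows keyed like the script's SET names, [(uid, decision), ...])."""
    rows, report = [], []
    for e in entries:
        uid = e.get("uid", e.get("dn", "?"))
        scheme = classify(e.get("userPassword"))
        if not scheme:
            report.append((uid, "dropped: no hashed password"))
        elif scheme not in SUPPORTED_SCHEMES:
            report.append((uid, "skipped: {%s} not importable by NMAS" % scheme))
        else:
            rows.append({"FirstName": e.get("givenName", ""), "LastName": e.get("sn", ""),
                         "AccountName": uid, "CN": e.get("cn", uid),
                         "Password": e["userPassword"]})
            report.append((uid, "transfer as {%s}" % scheme))
    return rows, report


def _entry(uid, first, last, user_password=None):
    """One constructed LDIF entry in the shape ldapsearch returns for LDprop."""
    lines = ["dn: uid=%s,ou=People,dc=my-domain,dc=com" % uid, "givenName: " + first,
             "sn: " + last, "uid: " + uid, "cn: %s %s" % (first, last)]
    if user_password is not None:
        lines.append("userPassword:: " + base64.b64encode(user_password.encode()).decode())
    return "\n".join(lines) + "\n"


# Constructed sample dump, not real accounts: a usable {SSHA} hash, a placeholder
# crypt(3) string (classified only), an unsupported {SMD5} value, and no password.
_SALT = b"\x13\x57\x9b\xdf"
SAMPLE_LDIF = "\n".join([
    _entry("alice", "Alice", "Andersson", make_hash("SSHA", "Correct-Horse-9", _SALT)),
    _entry("bob", "Bob", "Berg", "{CRYPT}abJnggxhB/yWI"),
    _entry("carol", "Carol", "Carlsson", "{SMD5}" + base64.b64encode(
        hashlib.md5(b"pw" + _SALT).digest() + _SALT).decode()),
    _entry("dave", "Dave", "Dahl"),
])

if __name__ == "__main__":
    rows, report = select_rows(parse_ldif(SAMPLE_LDIF))
    for uid, decision in report:
        print("%-6s %s" % (uid, decision))
    print("alice hash verifies:", verify(rows[0]["Password"], "Correct-Horse-9"))
```

In practice the LDIF comes from a search equivalent to the script's Data.Get.LD.Find, run as the rootdn over LDAPS, for example `ldapsearch -H ldaps://ldap3.my-domain.com:636 -D "cn=ldapman,dc=my-domain,dc=com" -W -b "ou=People,dc=my-domain,dc=com" "(&(objectClass=posixAccount)(userPassword=*))" givenName sn uid cn userPassword`; the output file then holds every user's hash and deserves the same protection as the script's [Data] section.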