Migrating database to LDAP (kldap)

Simo Sorce simo at redhat.com
Sun Aug 28 11:49:56 EDT 2011


On Sun, 2011-08-28 at 01:08 +0200, Andreas Ntaflos wrote:
> Hello all,
> 
> we have Kerberos 1.8.1 (Ubuntu 10.04) using the default database
> configuration (i.e. db2, /var/lib/kerberos) working fine alongside
> OpenLDAP, saslauthd (so that authentication against LDAP seamlessly goes
> against Kerberos) and PAM (and other things).
> 
> I was now wondering if it is possible to migrate the current Kerberos
> database to LDAP (with the kldap driver), without having to recreate the
> whole realm and every principal and reset every password. It is also
> important that saslauthd continues working.
> 
> Is there a migration strategy or best practice I can follow? Or is the
> whole thing impossible to do?

You can use kdb5_util to dump the database and then later reload it in
LDAP. I tried only with LDAP->LDAP but I don't think you should have any
issue dumping a db one and then loading it back in LDAP as long as the
LDAP server is correctly configured and the kdc user has enough
permission to write the data.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
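
The dump-and-reload approach from the reply above, written out as a two-stage script. This is an added example, not part of the original thread or written by its participants. The realm name, the WORK directory, the stage names, the use of `-update` on load and the before/after principal comparison are assumptions added here; the LDAP realm container and the KDC's write access are taken as already set up.

```shell
#!/bin/sh
# Added example, not from the thread. REALM, WORK and the stage names are assumptions.
REALM="${REALM:-EXAMPLE.COM}"        # placeholder realm name
WORK="${WORK:-/root/krb-migrate}"    # holds the dump and the principal lists
LC_ALL=C; export LC_ALL              # keep sort and comm ordering consistent

# Keep only principal names from `kadmin.local -q listprincs` output on stdin.
clean_princs() { grep '@' | grep -v '^Authenticating as ' | sort -u; }

# Print principals listed in file $1 that are absent from file $2 (both sorted).
missing_princs() { comm -23 "$1" "$2"; }

snapshot() { kadmin.local -r "$REALM" -q listprincs 2>/dev/null | clean_princs > "$1"; }

# Stage 1: run while kdc.conf still points at the db2 database.
stage_dump() {
    umask 077                         # the dump holds every principal's long-term keys
    mkdir -p "$WORK" || return 1
    kdb5_util -r "$REALM" dump "$WORK/db2.dump" || return 1
    snapshot "$WORK/before.txt"
}

# Stage 2: run after kdc.conf has been switched to the kldap module and the
# KDC's LDAP bind identity can write to the realm subtree.
stage_load() {
    # -update merges the dump into the existing database instead of replacing it
    # (assumed here to be what the LDAP backend needs).
    kdb5_util -r "$REALM" load -update "$WORK/db2.dump" || return 1
    snapshot "$WORK/after.txt"
    lost=$(missing_princs "$WORK/before.txt" "$WORK/after.txt")
    if [ -n "$lost" ]; then
        echo "principals missing after load:" >&2; echo "$lost" >&2
        return 1                      # keep the dump for another attempt
    fi
    rm -f "$WORK/db2.dump"            # key material: do not leave it on disk
}

case "${1:-}" in
    dump) stage_dump ;;
    load) stage_load ;;
esac
```

Run it with `dump` before changing kdc.conf and with `load` afterwards; the dump file is only deleted once every principal from the db2 snapshot is present in the LDAP-backed database.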



