FTP Server migration using Sterling Secure Proxy – UserID based Dynamic Routing (page 2)

Export user/password from VSFTPD to LDAP

My VSFTPD server is using virtual users, where the users and passwords are stored in a passwd file used by PAM. The passwords are created using Apache htpasswd and are thus stored as a CRYPT hash. Not the best hash, but the theory is the same no matter the hash type.

I will use a Sterling Map I have created to map that file into an LDIF file I can import into my LDAP. I only have 4 users, so it would be faster to do it manually, but as previously mentioned, the point is to show some ideas that might be of use in larger migrations.

Map the VSFTPD Password file to LDIF file

My map is a simple CSV map. The input is the password file from VSFTPD, and the output is an LDIF file. The output file needs more data than is available in the input file, so most of the information is hard-coded in the map. This is typically information that is identical for all users but that the LDAP needs in order to import the user correctly.

My input file (on my FTP server it is the /etc/vsftpd/ftpd.passwd) looks like below:

ftpd.passwd file

My map is not very elegant, but it does what it is supposed to, and looks like below. The username and password are mapped directly. The description is the same as the username, since the password file in VSFTPD only consists of username and password. Then there is some mandatory data. I am mapping the username to all fields to have a trigger for the record, but then I have hard-coded strings in each field. In the password field, I have added “{CRYPT}” in front of the password, to tell the LDAP to import the passwords as CRYPT.

passwd to LDIF

The result of the map is a file like below:

# Entry:1
dn: cn=user1,ou=externalUsers,dc=demos,dc=ibm,dc=int
cn:user1
sn:user1
uid:user1
destinationindicator:VSFTPD
objectclass:inetOrgPerson
userpassword:{CRYPT}2LotBgA9JpF/g

# Entry:2
dn: cn=user2,ou=externalUsers,dc=demos,dc=ibm,dc=int
cn:user2
sn:user2
uid:user2
destinationindicator:VSFTPD
objectclass:inetOrgPerson
userpassword:{CRYPT}wi6auciO1xX5c

# Entry:3
dn: cn=user3,ou=externalUsers,dc=demos,dc=ibm,dc=int
cn:user3
sn:user3
uid:user3
destinationindicator:VSFTPD
objectclass:inetOrgPerson
userpassword:{CRYPT}DcJLOjwd9Udvk

# Entry:4
dn: cn=user4,ou=externalUsers,dc=demos,dc=ibm,dc=int
cn:user4
sn:user4
uid:user4
destinationindicator:VSFTPD
objectclass:inetOrgPerson
userpassword:{CRYPT}oR6vaV7B5eIgg

PS: I have added an empty line between each entry manually. The LDAP requires an empty line between each entry, and that is difficult to do in a map. It could have been done by using a Business Process in Sterling SB2BI to add an empty record for a large migration.

This file is in the LDIF format. Which fields need to be imported depends a bit on the LDAP server, so I manually created a user in my LDAP and exported that user as LDIF to see what was exported. I then based the import file on the export file to make sure it has what is needed for the LDAP structure.
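
For a larger migration, the same passwd-to-LDIF mapping can be scripted. The Python below is an added example, not the Sterling map from this post: the base DN and fixed attributes are taken from the output above, while the function names, the username restrictions and the sample input are assumptions made for illustration. It goes slightly beyond the map by validating each line, passing htpasswd {SHA} entries through unchanged, and reporting anything it will not convert (duplicates, unsafe usernames, other hash schemes) instead of importing it blindly.

```python
import re

# Assumptions: base DN and fixed attributes copied from the LDIF above; input is htpasswd "user:hash" lines.
BASE_DN = "ou=externalUsers,dc=demos,dc=ibm,dc=int"
SAFE_UID = re.compile(r"[A-Za-z0-9._-]+")                # names that need no DN escaping or base64
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")             # traditional crypt: 2 salt + 11 hash chars
HTPASSWD_SHA = re.compile(r"\{SHA\}[A-Za-z0-9+/]{27}=")  # base64 of a 20-byte SHA-1 digest


def ldap_password(pw_hash):
    """Map an htpasswd hash to an LDAP userpassword value, or None if unsupported."""
    if DES_CRYPT.fullmatch(pw_hash):
        return "{CRYPT}" + pw_hash   # same prefixing the map does
    if HTPASSWD_SHA.fullmatch(pw_hash):
        return pw_hash               # htpasswd -s output already carries its scheme tag
    return None                      # e.g. $apr1$ or bcrypt: leave for manual review


def passwd_to_ldif(text):
    """Return (ldif_text, rejected), where rejected is a list of (line_no, reason)."""
    entries, rejected, seen = [], [], set()
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        user, sep, pw_hash = line.partition(":")
        password = ldap_password(pw_hash) if sep else None
        if not SAFE_UID.fullmatch(user):
            rejected.append((line_no, "bad username"))
        elif user in seen:
            rejected.append((line_no, "duplicate user"))
        elif password is None:
            rejected.append((line_no, "missing or unsupported hash"))
        else:
            seen.add(user)
            entries.append("\n".join([
                f"# Entry:{len(entries) + 1}",
                f"dn: cn={user},{BASE_DN}",
                f"cn: {user}", f"sn: {user}", f"uid: {user}",
                "destinationindicator: VSFTPD", "objectclass: inetOrgPerson",
                f"userpassword: {password}",
            ]))
    return "\n\n".join(entries) + "\n", rejected   # one blank line between records

# Constructed sample input; the hash values are made up, not real credentials.
SAMPLE = "alice:abJnggxhB/yWI\nbob:$apr1$salt$madeuphash\nalice:abJnggxhB/yWI\nbad name:abJnggxhB/yWI\n"

if __name__ == "__main__":
    print(passwd_to_ldif(SAMPLE)[0])
```

The rejected list is the part worth reviewing before an import: every line in it is an account that would otherwise have been created with a password the LDAP cannot verify, or under a name that needs escaping.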

Import the LDIF file to the LDAP

In my LDAP, I have created an Organizational Unit called “externalUsers”, where I will import my users from the VSFTPD server.


I import the created LDIF file, and my users and passwords get imported to my LDAP.


Now I have moved my users and their passwords from the VSFTPD server to my LDAP, and I am finished with my first step.

 

"FTP Server migration using Sterling Secure Proxy – UserID based Dynamic Routing" table of contents

  1. FTP Server migration using Sterling Secure Proxy – UserID based Dynamic Routing
  2. Export user/password from VSFTPD to LDAP
  3. Export users from VSFTPD to SB2BI
  4. Export folder structure from VSFTPD to SB2BI Mailbox
  5. Create setup in SEAS to fetch Routing Information from LDAP
  6. Create Policy, Netmap and Adapter in SSP for Dynamic Routing
  7. Test setup as is and routing to SB2BI
  8. Summary
