Export user/password from VSFTPD to LDAP
My VSFTPD server is using virtual users, where the user and password are stored in a passwd file used by PAM. The passwords are created by using Apache htpasswd and thus stored as a CRYPT hash. Not the best hash, but the theory is the same no matter the hash type.
I will use a Sterling Map I have created to map that file into an LDIF file I can import to my LDAP. I only have 4 users, so it would be faster to do it manually, but as previously mentioned, the point is to show some ideas that might be of use in larger migrations.
Map the VSFTPD Password file to LDIF file
My map is a simple CSV map. The input is the password file from VSFTPD, and the output is an LDIF file. The output file needs more data than what is available in the input file, so most information is hardcoded in the map. This is typically information that is identical for all users, but needed by the LDAP to import the user correctly.
My input file (on my FTP server it is the /etc/vsftpd/ftpd.passwd) looks like below:
My map is not very elegant, but does what it is supposed to, and looks like below. The username and password are mapped directly. The description is the same as the username, since the password file in VSFTPD only consists of username and password. Then there are some mandatory data. I am mapping the username to all fields to have a trigger for the record, but then I have hard-coded strings in each field. In the password field, I have added “{CRYPT}” in front of the password, to tell the LDAP to import the passwords as CRYPT.
The result of the map is a file like below:
# Entry:1
dn: cn=user1,ou=externalUsers,dc=demos,dc=ibm,dc=int
cn:user1
sn:user1
uid:user1
destinationindicator:VSFTPD
objectclass:inetOrgPerson
userpassword:{CRYPT}2LotBgA9JpF/g

# Entry:2
dn: cn=user2,ou=externalUsers,dc=demos,dc=ibm,dc=int
cn:user2
sn:user2
uid:user2
destinationindicator:VSFTPD
objectclass:inetOrgPerson
userpassword:{CRYPT}wi6auciO1xX5c

# Entry:3
dn: cn=user3,ou=externalUsers,dc=demos,dc=ibm,dc=int
cn:user3
sn:user3
uid:user3
destinationindicator:VSFTPD
objectclass:inetOrgPerson
userpassword:{CRYPT}DcJLOjwd9Udvk

# Entry:4
dn: cn=user4,ou=externalUsers,dc=demos,dc=ibm,dc=int
cn:user4
sn:user4
uid:user4
destinationindicator:VSFTPD
objectclass:inetOrgPerson
userpassword:{CRYPT}oR6vaV7B5eIgg
PS: I have added an empty line between each entry manually. The LDAP requires an empty line between each entry, and that is difficult to do in a map. It could have been done by using a Business Process in Sterling SB2BI to add an empty record for a large migration.
This file is in the LDIF format. Which fields need to be imported depends a bit on the LDAP server, so I manually created a user in my LDAP and exported that user as LDIF to see what was exported. I then based the import file on the export file to make sure it has what is needed for the LDAP structure.
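For a larger migration the same mapping can be scripted. The Python below is an added example, not the Sterling map from this post: it assumes one `user:hash` line per user (the htpasswd file format), and the function name `to_ldif` and the user-name allow-list are choices made for this example. It writes the blank line between entries itself and refuses to put “{CRYPT}” in front of anything that is not a 13-character crypt hash, since htpasswd can also produce other formats.

```python
import re

BASE_DN = "ou=externalUsers,dc=demos,dc=ibm,dc=int"  # from the LDIF in the post
# Traditional DES crypt(3): 2 salt + 11 hash characters from [./0-9A-Za-z].
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")
# Allow-list for names (assumption) so no DN escaping or base64 is needed.
SAFE_USER = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")

def to_ldif(passwd_text):
    """Convert 'user:hash' lines; return (ldif_text, [(line_no, reason)])."""
    entries, rejected, seen = [], [], set()
    for line_no, raw in enumerate(passwd_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        user, sep, pw_hash = line.partition(":")
        if not sep or not SAFE_USER.fullmatch(user):
            rejected.append((line_no, "missing ':' or unsafe user name"))
        elif user.lower() in seen:  # cn matching is case-insensitive
            rejected.append((line_no, "duplicate user"))
        elif not DES_CRYPT.fullmatch(pw_hash):
            # e.g. $apr1$ or $2y$: do not label as {CRYPT} blindly; the
            # reason never echoes the hash itself.
            rejected.append((line_no, "hash is not 13-character DES crypt"))
        else:
            seen.add(user.lower())
            entries.append("\n".join([
                f"# Entry:{len(entries) + 1}",
                f"dn: cn={user},{BASE_DN}",
                f"cn:{user}", f"sn:{user}", f"uid:{user}",
                "destinationindicator:VSFTPD",
                "objectclass:inetOrgPerson",
                f"userpassword:{{CRYPT}}{pw_hash}",
            ]))
    # A blank line between entries is what the LDAP import requires.
    return "\n\n".join(entries) + "\n", rejected

# Constructed sample input: two valid lines reusing hashes shown in the post,
# one made-up Apache MD5 ($apr1$) value and one unsafe user name.
SAMPLE = "\n".join([
    "user1:2LotBgA9JpF/g",
    "user2:wi6auciO1xX5c",
    "user5:$apr1$constructed$notARealHashValue0000",
    "bad,name:AAAAAAAAAAAAA",
])

if __name__ == "__main__":
    ldif, rejected = to_ldif(SAMPLE)
    print(ldif)
    for line_no, reason in rejected:
        print(f"line {line_no}: {reason}")
```

Rejected lines are reported by line number only, so the hashes do not end up in a migration log.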
Import the LDIF file to the LDAP
In my LDAP, I have created an Organizational Unit called “externalUsers”, where I will import my users from the VSFTPD server.
I import the created LDIF file, and my users and passwords get imported to my LDAP.
Now I have moved my users and their passwords from the VSFTPD server to my LDAP, and I am finished with my first step.