zimbra migrating with passwords

[newmember]

I can dump the ldap data, is there a way I can import the encrypted passwords into a new zimbra server's ldap?
I was going to use "zmprov" to import my domains and email accounts.
I could install the passwords with zmprov, but I do not think that zmprov will except a "already encrypted" password.

Thanks for the ideas.

Chris

[fultonj]

Why not just configure your zimbra server to authenticate off of your ldap server if it's already got your passwords?

In the Admin Web GUI:

Configuration --> Domains --> $your_domain --> Authentication

Then click Configure Authentication to start with wizard.

I'm running Zimbra but keeping a separate OpenLDAP server even though Zimbra bundles it's own OpenLDAP server for Zimbra things. However, I see them as separate and one won't replace the other. In theory you should be able to get the Zimbra LDAP password and then open with an LDAP browser to snoop around and put the password there if they used the same hash. I'd test this on one account before you break something however.

[newmember]

Thanks.

I am actually migrating from one Zimbra version on an different OS to another new install with a current version of Zimbra and onto a supported OS.

I can't just import the ldap dump because it has all the config details in it and the versions are different.
I am trying to avoid asking users to re-set their passwords.

I am only doing this because I have tried for months to upgrade with every failure imaginable.

So I am looking for a way to import the encrypted passwords I collected from the ldap dump into a new zimbra ldap schema.

[drwho18]

I create the users from /etc/passwd crypt's. If you do the following when creating users in Zimbra you can reset the password to the crypt.

Perl example to create user, and then change password to crypted pass.

$uname = "testuser";
$name,$passwd,$uid,$gid) = getpwnam($uname);
$cryptpass = "{crypt}".$passwd;
$dummypass = "dummy";
$hostname = "zimbra.domain.com";
system("/opt/zimbra/bin/zmprov ca $name@\\$hostname $dummypass zimbraPasswordMinLength 1");
system("/opt/zimbra/bin/zmprov ma $name@\\$hostname userPassword '$cryptpass'");

[bonoboslr]

zmprov does accept encrypted passwords. I migrated my users without know what the actuall passwords were. They were {md5} hashed and I just created the account (zmprov ca) with the encrypted passwords.

[itwerx]

You can slapcat the old server ldap and delete everything except the user/alias records then slapadd those to the new server. The encrypted password will be in there as well and it will come over just fine.

Pros: gets everything but the actual data, including account preferences etc

Cons: there are a few things to watch for:
- if the new server has a different name you'll need to edit that in several places in each record
- if the version difference is large then there may be some records that are different. Might be a good idea to compare the ldap record for a fully provisioned test user from the new server and adjust the old records accordingly before importing them.

But no worries if you screw up, just delete them and try again.