path: root/ldap-migrate
/*********************************************************************/
/* Migration plan, to replace the MySQL database by a LDAP directory */
/* structure (for virtual e-mail hosting).                           */
/*********************************************************************/

 * First we should stop welcoming new members for a little while.

 * Then someone should run the following on mistral:
    cd /etc/ldap/fripost/migration/ && sudo ./ldap-migrate.pl
That will populate the base directory with what is in the MySQL
database.
A log file, `fripost-migration-$$.log' (where `$$' is the PID of the
running process) will be created. One should read it, check the
warnings/errors (prefixed with `WARN:' or `Error:') and fix them if
needed.
Note: The new entries will be created by the DN
"cn=migrator,ou=managers,...", created specially for this purpose. Also,
creation and modification timestamps will be reset.

 * On each of the MX's, Postfix' configuration should be updated with LDAP
lookup configuration files, which are currently in
`/etc/ldap/fripost/ldap_*.cf'.
Test the Postfix configuration:
    - Send to at least one mailbox and one alias, check the logs to verify
that emails are delivered.
    - Send a mail to fake@fripost.org (or run `sendmail -bv fake@fripost.org')
and ensure that Postfix answers with "User unknown in virtual mailbox table (in
reply to RCPT TO command)".

 * On mistral, Dovecot configuration should be updated as written in
`fripost-docs.org'.
Test Dovecot: Is it possible to login? Is it possible to browse the IMAP
directory?
    openssl s_client -connect imap.fripost.org:993 -CApath /etc/ssl/certs/
    1 login user@fripost.org password
    2 list "" "*"
    3 logout

 * Shut down MySQL.

 * In the git repository for `fripost-tools', merge the `ldap' branch into
`master'.

 * Remove the DN "cn=migrator,ou=managers,...", and restrict the
ACL for the managers to be allowed to write on "ou=virtual,..." only.

 * Wait for a week or two.

 * Dump the MySQL database and save it somewhere? Anyway, then remove
MySQL from hosts.



/*********************************************************************/
/* Note for the admins.                                              */

To use the new `fripost-tools', you need to have an entry under
`ou=managers,...'. To add yourself as a manager, run the following on
mistral:
    cd /etc/ldap/fripost/migration/ && sudo ./addadmin.pl

 * (Use the optional argument if you're not happy with your login name.)

 * (If you choose to randomly generate your password, beware that it will
only be 20 characters long.)
 
 * You'll then need to create/edit `~/.fripost.yml' with mode 600
(chmod 600) on the machine you plan to use the tools on (a template can
be found in the git repository), and replace `bind_dn' and `bind_pw' by,
respectively, the returned Distinguished Name and your password.
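
One way to verify that last step before running the tools (an added
example, not part of `fripost-tools'; the function name
`check_fripost_yml' is hypothetical, and it assumes that `bind_dn' and
`bind_pw' are top-level "key: value" lines in the YAML file):

```shell
# Added example: audit the credentials file that holds bind_dn/bind_pw.
# Assumption: both settings are top-level "key: value" YAML lines.
# Usage: check_fripost_yml [path]   (default: ~/.fripost.yml)
check_fripost_yml() {
    file=${1:-$HOME/.fripost.yml}
    status=0

    # A symlink may point at a file with looser permissions elsewhere.
    if [ -L "$file" ]; then
        echo "FAIL: $file is a symlink" >&2
        return 1
    fi
    if [ ! -f "$file" ]; then
        echo "FAIL: $file is missing or not a regular file" >&2
        return 1
    fi

    # -perm without a prefix matches the mode exactly: owner rw, nobody else.
    if [ -z "$(find "$file" -prune -perm 600)" ]; then
        echo "FAIL: $file is not mode 600 (run: chmod 600 $file)" >&2
        status=1
    fi

    # The file must belong to the user who will run the tools.
    if [ -z "$(find "$file" -prune -user "$(id -u)")" ]; then
        echo "FAIL: $file is not owned by uid $(id -u)" >&2
        status=1
    fi

    # Both bind settings must be present with a non-empty value.
    for key in bind_dn bind_pw; do
        if ! grep -Eq "^${key}:[[:space:]]*[^[:space:]#]" "$file"; then
            echo "FAIL: $key is missing or empty in $file" >&2
            status=1
        fi
    done

    return "$status"
}
```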