Migrating Linux Users to an LDAP Directory

Libraries: If you want this lab, consider one of these libraries.
Cloud
Security

Migrating Linux Users to an LDAP Directory

In this lab, we go through the process of adding a Linux user and then using a migrate utility to create an LDIF file that facilitates the use of the `ldapadd` command to add the user to an LDAP directory.

Get started Contact sales

Lab Info

Level

Beginner

Last updated

Aug 21, 2025

Duration

4h 0m

Challenge

Connect to the LDAP Server and the Linux Server
Connect to each server:
```
ssh cloud_user@<PUBLIC_IP_OF_SERVER>
```
Provide the appropriate password from the lab interface.
Challenge

Verify the Installation of LDAP on the LDAP Server
On the LDAP Server
1. Check the version of LDAP that has been staged:
  
  slapd -VV
2. Verify the slapd daemon is running and active:
  
  sudo systemctl status slapd
3. Provide the cloud_user password for the LDAP server.
4. Search the existing LDAP database:
  
  ldapsearch -x -LLL -b dc=example,dc=com
Challenge

Set the Password for the LDAP Server
On the LDAP Server
1. Generate an encrypted password:
  
  slappasswd
2. Copy the output from that command into the clipboard and save it.
3. Use a Linux text editor to add the encrypted password to the slapd configuration file:
  
  sudo vi /etc/openldap/slapd.d/cn=config/olcDatabase=\{2\}hdb.ldif
4. Change the line that starts with olcRootPW, replacing the existing string after the colon with the encrypted password you just copied.
5. After saving the configuration file, restart the service:
  
  sudo systemctl restart slapd

Challenge

Add a Linux User and Migrate the User to LDAP

On the LDAP Server

Add a Linux user:

sudo useradd <ANY_USER>

sudo passwd <ANY_USER>

Respond with a password.
Grab the user and group lines from /etc/passwd and /etc/group, and output them to text files:
```
grep <ANY_USER> /etc/passwd > ./passwd.txt
```
```
grep <ANY_USER> /etc/group > ./group.txt
```

Use the migration utility to convert the Linux text into ldif format:

/usr/share/migrationtools/migrate_passwd.pl ./passwd.txt ./passwd.ldif

/usr/share/migrationtools/migrate_group.pl ./group.txt ./group.ldif

Look at the files you have created:
```
cat ./passwd.ldif
```
```
cat ./group.ldif
```

Add the ldif data to the directory:

ldapadd -x -W -D "cn=Manager,dc=example,dc=com" -f ./passwd.ldif

ldapadd -x -W -D "cn=Manager,dc=example,dc=com" -f ./group.ldif

Search the directory to determine the contents:

ldapsearch -x cn=<ANY_USER> -b dc=example,dc=com

Challenge

Verify the User You Added Is Available from the LDAP Client
From the server configured as an LDAP client:
```
id <ANY_USER>
```

About the author

Pluralsight Skills

Pluralsight Skills gives leaders confidence they have the skills needed to execute technology strategy. Technology teams can benchmark expertise across roles, speed up release cycles and build reliable, secure products. By leveraging our expert content, skill assessments and one-of-a-kind analytics, keep up with the pace of change, put the right people on the right projects and boost productivity. It's the most effective path to developing tech skills at scale.

Real skill practice before real-world application

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Learn by doing

Engage hands-on with the tools and technologies you’re learning. You pick the skill, we provide the credentials and environment.

Follow your guide

All labs have detailed instructions and objectives, guiding you through the learning process and ensuring you understand every step.

Turn time into mastery

On average, you retain 75% more of your learning if you take time to practice. Hands-on labs set you up for success to make those skills stick.