<div dir="ltr">I've been able to reset the password with Sam's help.<br clear="all"><div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><pre style="color:rgb(46,52,54);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px"><span style="font-family:monospace,monospace">-- <br></span></pre><div style="color:rgb(46,52,54);font-size:14.6667px;font-style:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;width:71ch"><span style="font-family:monospace,monospace"><span></span><span></span>Ibiam Chihurumnaya <br></span></div><div style="color:rgb(46,52,54);font-size:14.6667px;font-style:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;width:71ch"><span style="font-family:monospace,monospace"><a href="mailto:ibiamchihurumnaya@gmail.com" style="color:rgb(42,118,198)" target="_blank">ibiamchihurumnaya@gmail.com</a></span></div><div style="color:rgb(46,52,54);font-size:14.6667px;font-style:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;width:71ch"><span style="font-family:monospace,monospace"><br></span></div></div></div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Nov 27, 2019 at 1:28 AM Bernie Innocenti <<a href="mailto:bernie@codewiz.org">bernie@codewiz.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 27/11/2019 02.48, James Cameron wrote:<br>
> I like that theory. I've a vague memory of being in ldapvi and seeing<br>
> some accounts are more equal than others.<br>
> <br>
> If I knew how to convert an account from LDAP to ordinary /etc/passwd<br>
> style, I'd do it. We're not big enough to justify the effort on LDAP.<br>
<br>
LDAP was once useful when SL accounts were spanning multiple servers, <br>
but now it just adds complexity. If it were my call, I'd just stop <br>
creating new shell accounts altogether, since they're no longer <br>
necessary for development and they cause a ton of sysadmin toil (not to <br>
mention the security concerns).<br>
<br>
But the biggest pain point with LDAP seems to be periodic password <br>
expiration: that was useful to detect inactive accounts that could be <br>
removed, but expiring passwords is no longer common practice nowadays. <br>
We could easily change all expiry fields to 99999 with a search & <br>
replace in ldapvi. We could even delete all passwords, since they were <br>
only used for SMTP and IMAP.<br>
<br>
To move all users out of ldap, simply pipe the output of ldapsearch into <br>
an awk / perl / python one-liner which converts the records. I'd <br>
probably do different one-liners to produce passwd, shadow and groups.<br>
<br>
-- <br>
_ // Bernie Innocenti<br>
\X/ <a href="https://codewiz.org/" rel="noreferrer" target="_blank">https://codewiz.org/</a><br>
</blockquote></div>
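<div>Added example, not part of the original messages: the ldapsearch-to-passwd/shadow conversion described in the quoted message, written in Python and run on a constructed LDIF sample. The function names, the sample entries, the decision to reject UID 0 and fields containing ":" or a newline, and the empty lastchange field are assumptions of this example; group output is left out.</div>

```python
import base64
import re

# Constructed sample in `ldapsearch -LLL` (LDIF) form; not real account data.
_PW = base64.b64encode(b"{CRYPT}$6$constructed$hash").decode()
SAMPLE_LDIF = f"""\
dn: uid=alice,ou=People,dc=example,dc=org
uid: alice
cn: Alice Example
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/alice
loginShell: /bin/bash
userPassword:: {_PW}

dn: uid=bob,ou=People,dc=example,dc=org
uid: bob
gecos: Bob:Exam
 ple
uidNumber: 1002
gidNumber: 1002
homeDirectory: /home/bob
"""

def parse_ldif(text):
    """Yield a dict per entry: unfold wrapped lines, decode 'attr:: base64'."""
    for block in text.replace("\n ", "").strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # '::' marks a base64-encoded value
                value = base64.b64decode(value[1:]).decode()
            entry.setdefault(attr, value.strip())  # keep the first value only
        yield entry

def to_passwd_shadow(e):
    """Return (passwd_line, shadow_line); raise ValueError on unsafe fields."""
    uid, home, shell = e["uid"], e["homeDirectory"], e.get("loginShell", "/bin/sh")
    if not (re.fullmatch(r"[a-z_][a-z0-9_-]*", uid)
            and re.fullmatch(r"[1-9][0-9]*", e["uidNumber"])  # never emit UID 0
            and re.fullmatch(r"[0-9]+", e["gidNumber"])
            and not re.search(r"[:\n]", home + shell)):
        raise ValueError(f"refusing LDAP entry {uid!r}")
    gecos = re.sub(r"[:\n]", " ", e.get("gecos", e.get("cn", "")))
    # Only {CRYPT} values are crypt(3) hashes; anything else is written as '*'.
    m = re.fullmatch(r"(?i)\{crypt\}([^:\n]+)", e.get("userPassword", ""))
    passwd = f"{uid}:x:{e['uidNumber']}:{e['gidNumber']}:{gecos}:{home}:{shell}"
    # Max age is 99999 (the value suggested in the thread); lastchange left empty.
    shadow = f"{uid}:{m.group(1) if m else '*'}::0:99999:7:::"
    return passwd, shadow
```

<div>Review the generated lines by hand before merging them into /etc/passwd and /etc/shadow; a rejected entry raises ValueError rather than being written out.</div>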