We have a legacy application that we use to manage the employees. This application connects to an ApacheDS and provides LDAP authentication through it. Now we want to implement FreeIPA, not as the source of truth but as our new LDAP system. The ipa migrate-ds command won't work as ApacheDS does not have POSIX values.
I have thought about exporting an ldif from ApacheDS, altering the file so that it works with OpenLDAP, then importing the users into OpenLDAP, generating the POSIX values, and then migrating from OpenLDAP to FreeIPA. Or I could write a script that adds the POSIX UID/GID, then import it into OpenLDAP, and then into FreeIPA, as it cannot directly import the ldif file.
Is there another way to do it? Also, when the password is updated on the legacy system it needs to be updated on FreeIPA as well, and each day a cross-check for deleted users in the ldif is needed, running a query to delete them from OpenLDAP.
The best thing I can think of is a script with the following flow:
Legacy System -> ApacheDS -> ldif -> script -> OpenLDAP -> FreeIPA
Is there a way to import the users into FreeIPA and make it generate the POSIX values there? Or load them with simple LDAP into FreeIPA, and run a query to add the POSIX values?
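The "ldif -> script" step of the flow above, as an added example that is not part of the original post: it parses an ApacheDS-style LDIF export, adds the posixAccount object class with uidNumber, gidNumber, homeDirectory and loginShell to every user entry that lacks them (skipping uidNumbers already present in the export), and writes LDIF back out for ldapadd. The sample LDIF, the uid_start/gid values and the /home and /bin/bash defaults are constructed assumptions; the parser assumes plain (not base64 "::") attribute values.

```python
# Constructed sample export (not the poster's data); LDIF folds long values
# onto continuation lines that start with a single space, as in "mail" below.
SAMPLE_LDIF = """dn: uid=jdoe,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: jdoe
cn: John Doe
sn: Doe
mail: jdoe@example
 .com

dn: uid=asmith,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
uid: asmith
cn: Ann Smith
sn: Smith
uidNumber: 10000
gidNumber: 10000
homeDirectory: /home/asmith
"""

def parse_ldif(text):
    """Parse LDIF into [(dn, [(attr, value), ...])]; joins folded lines, skips comments."""
    entries, attrs = [], []
    for raw in text.splitlines() + [""]:          # trailing "" flushes the last entry
        if raw.startswith(" ") and attrs:           # folded continuation of previous value
            name, value = attrs[-1]
            attrs[-1] = (name, value + raw[1:])
        elif raw.strip() == "":                     # blank line terminates an entry
            if attrs:
                entries.append((attrs[0][1], attrs[1:]))  # first attribute is the dn
                attrs = []
        elif not raw.startswith("#"):
            name, _, value = raw.partition(":")
            attrs.append((name.strip(), value.strip()))
    return entries

def add_posix(entries, uid_start=10000, gid=10000):
    """Add posixAccount attributes to entries lacking uidNumber, allocating sequential
    uidNumbers that never reuse a number already present in the export. Pick uid_start
    so it does not collide with ranges already used by OpenLDAP or FreeIPA."""
    used = {int(v) for _, a in entries for n, v in a if n == "uidNumber"}
    next_uid, result = uid_start, []
    for dn, attrs in entries:
        names = {n for n, _ in attrs}
        if "uid" in names and "uidNumber" not in names:
            while next_uid in used:
                next_uid += 1
            uid = next(v for n, v in attrs if n == "uid")
            attrs = attrs + [("objectClass", "posixAccount"), ("uidNumber", str(next_uid)),
                             ("gidNumber", str(gid)), ("homeDirectory", "/home/" + uid),
                             ("loginShell", "/bin/bash")]
            used.add(next_uid)
        result.append((dn, attrs))
    return result

def to_ldif(entries):
    """Serialise entries back to LDIF, one blank line between entries."""
    return "\n".join("dn: %s\n%s\n" % (dn, "\n".join(f"{n}: {v}" for n, v in a)) for dn, a in entries)
```

Running `print(to_ldif(add_posix(parse_ldif(SAMPLE_LDIF))))` gives jdoe uidNumber 10001 (10000 is taken by asmith) and leaves asmith untouched.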