[389-users] Migrating passwd, group, & shadow to 389-ds

Hello, I’m planning a migration of Linux account data from /etc/ files to 389-ds (or OpenLDAP/slapd, but for now I’m leaning toward 389-ds). I have a few questions that I hoped folks here might help with? - What kinds of automation tools do folks use for creating/updating/removing dirsrv entries? I’m assuming there is something that abstracts over all of the actual schema details? - What tools have folks used for migration of existing account data? I see a package of Perl scripts that some distros provide; is that about it? - When creating a new posixAccount & posixGroup, how are UIDs and GIDs to be chosen? If I have 10,000 users, do I have to grab all 10,000 posixAccount and posixGroup entries to determine which is the next unused UID & GID, or is there some cleaner solution? - Are there tools to facilitate race safety if, e.g., two concurrent queries try to create an account at the same time? - I see that OpenLDAP/slapd can embed a Perl interpreter or exec arbitrary commands to fulfill queries. Can 389-ds do something similar to implement dynamic query results? Thank you in advance! cheers, -Felipe Gasper