michalczyk.pro/blog
1
0
Fork 0
Code Issues 3 Pull Requests Projects Releases Activity

Update with code captions

Browse Source
This commit is contained in:
cryptogopher 2023-05-27 19:12:26 +02:00
parent d769d59c85
commit 19ab22b675
1 changed files with 11 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
_posts/2023-05-19-openldap-2-4-to-2-6-upgrade.tl → _posts/sysadm/2023-05-19-openldap-2-4-to-2-6-upgrade.tl
View File

@ -2,6 +2,7 @@
layout: default
title: OpenLDAP 2.4 to 2.6 upgrade
date: 2023-05-19 23:28 +0200
tags: Gentoo LDAP
---
OpenLDAP >= 2.5 drops Berkeley DB based @hdb@ and @bdb@ backends support. Backend
upgrade - preferably to @mdb@ - is required before version upgrade.
@ -11,10 +12,10 @@ deployments the config database must be exported via @slapcat@, config export
modified as required, then resulting config database imported.
Upstream documentation:
* "B. Upgrading from 2.x":https://www.openldap.org/doc/admin25/appendix-upgrading.html
"Upgrading from 2.4.x":https://www.openldap.org/doc/admin25/appendix-upgrading.html
h2. Backup database and configuration
h3(#backup). Backup database and configuration
{% highlight bash %}
/etc/init.d/slapd stop
@ -24,11 +25,11 @@ mv /var/lib/openldap-data /var/lib/openldap-data-2.4
{% endhighlight %}
h2. Migrate to @mdb@ backend
h3. Migrate to @mdb@ backend
Update _/etc/openldap/slapd.conf_ as follows:
Replace backend module and set database type:
{% highlight config %}
{% highlight file caption=/etc/openldap/slapd.conf %}
...
# moduleload back_hdb.so
moduleload back_mdb.so
@ -37,7 +38,7 @@ database mdb
...
{% endhighlight %}
Then restore database and convert config to directory format (in that order):
Restore database and convert config to directory format (in that order):
{% highlight bash %}
mkdir /var/lib/openldap-data
@ -52,16 +53,14 @@ slaptest -f slapd.conf -F slapd.d
/etc/init.d/slapd start
{% endhighlight %}
Now is the time to verify if LDAP dependent services work like before migration.
They should.
Verify if LDAP dependent services work like before migration - they should.
h2. Upgrade to 2.6
h3. Upgrade to 2.6
Before upgrade:
* check @openldap@ @USE@ flags,
* backup database and configuration if applicable
* backup database and configuration ("see above":#backup),
then proceed with upgrade:
{% highlight bash %}
@ -71,7 +70,7 @@ dispatch-conf
Remove @ppolicy@ overlay, which is now implemented internally:
{% highlight config %}
{% highlight file caption=/etc/openldap/slapd.conf %}
...
#include /etc/openldap/schema/ppolicy.schema
...