diff --git a/_config.yml b/_config.yml index cec63e8..02d3e80 100644 --- a/_config.yml +++ b/_config.yml @@ -41,6 +41,10 @@ feed: textile_ext: "textile,txtl,tl" +# TODO: plugin jekyll-professorize with patches: +# - setting default ext other than .md +# - adding figurecaption to {% highlight %} figure + # Exclude from processing. # The following items will not be processed, by default. # Any item listed under the `exclude:` key here will be automatically added to diff --git a/_drafts/openldap-2-4-to-2-6-upgrade.tl b/_drafts/openldap-2-4-to-2-6-upgrade.tl new file mode 100644 index 0000000..08882ce --- /dev/null +++ b/_drafts/openldap-2-4-to-2-6-upgrade.tl @@ -0,0 +1,87 @@ +--- +layout: post +title: OpenLDAP 2.4 to 2.6 upgrade +--- +OpenLDAP >= 2.5 drops Berkeley DB based @hdb@ and @bdb@ backends support. Backend +upgrade - preferably to @mdb@ - is required before version upgrade. + +Below instructions are given for _slapd.conf_ deployments. For _slapd-config_ +deployments the config database must be exported via @slapcat@, config export +modified as required, then resulting config database imported. + +Upstream documentation: +* "B. Upgrading from 2.x":https://www.openldap.org/doc/admin25/appendix-upgrading.html + + +h2. Backup database and configuration + +{% highlight bash %} +/etc/init.d/slapd stop + +cp -a /etc/openldap /etc/openldap-2.4 + +slapcat -f /etc/openldap/slapd.conf > /var/backups/openldap/slapcat-2.4.ldif + +mv /var/lib/openldap-data /var/lib/openldap-data-2.4 +{% endhighlight %} + + +h2. Migrate to @mdb@ backend + +Update _/etc/openldap/slapd.conf_ as follows: + +{% highlight config %} +... +# moduleload back_hdb.so +moduleload back_mdb.so +... +database mdb +... +{% endhighlight %} + +Then restore database and convert config to directory format (in that order): + +{% highlight bash %} +mkdir /var/lib/openldap-data +chmod --reference /var/lib/openldap-data-2.4 /var/lib/openldap-data +slapadd -f /etc/openldap/slapd.conf -l /var/backups/openldap/slapcat-2.4.ldif +find /var/lib/openldap-data/ -exec chown --reference /var/lib/openldap-data {} \; +cp -a /var/lib/openldap-data-2.4/.keep_* /var/lib/openldap-data/ + +rm -r /etc/openldap/slapd.d/* +slaptest -f slapd.conf -F slapd.d + +/etc/init.d/slapd start +{% endhighlight %} + +Now is the time to verify if LDAP dependent services work like before migration. +They should. + + +h2. Upgrade to 2.6 + +Before upgrade: +* check @openldap@ @USE@ flags, +* backup database and configuration if applicable + +then proceed with upgrade: + +{% highlight bash %} +emerge -1av openldap +dispatch-conf +{% endhighlight %} + +Remove @ppolicy@ overlay, which is now implemented internally: + +{% highlight config %} +... +#include /etc/openldap/schema/ppolicy.schema +... +{% endhighlight %} + +Once again rebuild directory config: + +{% highlight bash %} +rm -r /etc/openldap/slapd.d/* +slaptest -f slapd.conf -F slapd.d +{% endhighlight %}