michalczyk.pro/blog
1
0
Fork 0
Code Issues 3 Pull Requests Projects Releases Activity

Add new draft

Browse Source
This commit is contained in:
cryptogopher 2023-02-20 22:59:24 +01:00
parent 8da2e86fe5
commit 2fd6c6c7b6
2 changed files with 91 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
_config.yml
View File

@ -41,6 +41,10 @@ feed:
textile_ext: "textile,txtl,tl" textile_ext: "textile,txtl,tl"
# TODO: plugin jekyll-professorize with patches:
# - setting default ext other than .md
# - adding figurecaption to {% highlight %} figure
# Exclude from processing. # Exclude from processing.
# The following items will not be processed, by default. # The following items will not be processed, by default.
# Any item listed under the `exclude:` key here will be automatically added to # Any item listed under the `exclude:` key here will be automatically added to

87
_drafts/openldap-2-4-to-2-6-upgrade.tl Normal file
View File

@ -0,0 +1,87 @@
---
layout: post
title: OpenLDAP 2.4 to 2.6 upgrade
---
OpenLDAP >= 2.5 drops Berkeley DB based @hdb@ and @bdb@ backends support. Backend
upgrade - preferably to @mdb@ - is required before version upgrade.
Below instructions are given for _slapd.conf_ deployments. For _slapd-config_
deployments the config database must be exported via @slapcat@, config export
modified as required, then resulting config database imported.
Upstream documentation:
* "B. Upgrading from 2.x":https://www.openldap.org/doc/admin25/appendix-upgrading.html
h2. Backup database and configuration
{% highlight bash %}
/etc/init.d/slapd stop
cp -a /etc/openldap /etc/openldap-2.4
slapcat -f /etc/openldap/slapd.conf > /var/backups/openldap/slapcat-2.4.ldif
mv /var/lib/openldap-data /var/lib/openldap-data-2.4
{% endhighlight %}
h2. Migrate to @mdb@ backend
Update _/etc/openldap/slapd.conf_ as follows:
{% highlight config %}
...
# moduleload back_hdb.so
moduleload back_mdb.so
...
database mdb
...
{% endhighlight %}
Then restore database and convert config to directory format (in that order):
{% highlight bash %}
mkdir /var/lib/openldap-data
chmod --reference /var/lib/openldap-data-2.4 /var/lib/openldap-data
slapadd -f /etc/openldap/slapd.conf -l /var/backups/openldap/slapcat-2.4.ldif
find /var/lib/openldap-data/ -exec chown --reference /var/lib/openldap-data {} \;
cp -a /var/lib/openldap-data-2.4/.keep_* /var/lib/openldap-data/
rm -r /etc/openldap/slapd.d/*
slaptest -f slapd.conf -F slapd.d
/etc/init.d/slapd start
{% endhighlight %}
Now is the time to verify if LDAP dependent services work like before migration.
They should.
h2. Upgrade to 2.6
Before upgrade:
* check @openldap@ @USE@ flags,
* backup database and configuration if applicable
then proceed with upgrade:
{% highlight bash %}
emerge -1av openldap
dispatch-conf
{% endhighlight %}
Remove @ppolicy@ overlay, which is now implemented internally:
{% highlight config %}
...
#include /etc/openldap/schema/ppolicy.schema
...
{% endhighlight %}
Once again rebuild directory config:
{% highlight bash %}
rm -r /etc/openldap/slapd.d/*
slaptest -f slapd.conf -F slapd.d
{% endhighlight %}