---
layout: default
title: OpenLDAP 2.4 to 2.6 upgrade
date: 2023-05-19 23:28 +0200
tags: Gentoo LDAP
---

OpenLDAP >= 2.5 drops support for the Berkeley DB based @hdb@ and @bdb@ backends. A backend upgrade, preferably to @mdb@, is required before the version upgrade.

The instructions below are for _slapd.conf_ deployments. For _slapd-config_ deployments, export the config database via @slapcat@, modify the export as required, then import the resulting config database.

Upstream documentation: "Upgrading from 2.4.x":https://www.openldap.org/doc/admin25/appendix-upgrading.html

h3(#backup). Backup database and configuration

{% highlight bash %}
# Stop slapd so that the export and the copied files are consistent
/etc/init.d/slapd stop
cp -a /etc/openldap /etc/openldap-2.4
# Export the directory to LDIF using the existing (hdb/bdb) configuration
slapcat -f /etc/openldap/slapd.conf > /var/backups/openldap/slapcat-2.4.ldif
# Keep the old database files aside for rollback
mv /var/lib/openldap-data /var/lib/openldap-data-2.4
{% endhighlight %}

h3. Migrate to @mdb@ backend

Replace the backend module and set the database type:

{% highlight file caption=/etc/openldap/slapd.conf %}
...
# moduleload back_hdb.so
moduleload back_mdb.so
...
database mdb
...
{% endhighlight %}

Restore the database and convert the config to directory format (in that order):

{% highlight bash %}
# Recreate the data directory with the same mode as the old one
mkdir /var/lib/openldap-data
chmod --reference /var/lib/openldap-data-2.4 /var/lib/openldap-data
# Import the LDIF export into the new mdb database
slapadd -f /etc/openldap/slapd.conf -l /var/backups/openldap/slapcat-2.4.ldif
# slapadd ran as root: hand the new files to the owner of the old data directory
find /var/lib/openldap-data/ -exec chown --reference /var/lib/openldap-data-2.4 {} \;
cp -a /var/lib/openldap-data-2.4/.keep_* /var/lib/openldap-data/
# Regenerate the slapd.d directory config from slapd.conf
rm -r /etc/openldap/slapd.d/*
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
/etc/init.d/slapd start
{% endhighlight %}

Verify that LDAP-dependent services work as they did before the migration; they should.

h3. Upgrade to 2.6

Before upgrade:

* check @openldap@ @USE@ flags,
* backup database and configuration ("see above":#backup),

then proceed with upgrade:

{% highlight bash %}
emerge -1av openldap
dispatch-conf
{% endhighlight %}

Remove the @ppolicy@ schema include, as the schema is now implemented internally:

{% highlight file caption=/etc/openldap/slapd.conf %}
...
#include /etc/openldap/schema/ppolicy.schema
...
{% endhighlight %}

Once again rebuild the directory config:

{% highlight bash %}
rm -r /etc/openldap/slapd.d/*
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
{% endhighlight %}
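
An added check for the restore step of the @mdb@ migration (not part of the original instructions): compare the entry DNs in the 2.4 export against a fresh @slapcat@ export of the new database, so that a partially failed @slapadd@ is noticed before the old data is discarded. The function names and the sample entries are constructed for this example.

```shell
#!/bin/sh
# Added example: compare the DN sets of two slapcat LDIF exports.

# ldif_dns FILE: print one "dn:" line per entry, sorted, with line folds undone.
ldif_dns() {
    awk '
        function flush() { if (in_dn) print dn; in_dn = 0 }
        /^ /      { if (in_dn) dn = dn substr($0, 2); next }  # folded continuation
                  { flush() }
        /^dn::? / { dn = $0; in_dn = 1 }                      # plain or base64 DN
        END       { flush() }
    ' "$1" | LC_ALL=C sort
}

# compare_exports OLD NEW: print DNs present in only one export;
# return 0 only if both exports hold exactly the same set of DNs.
compare_exports() {
    tmp=$(mktemp -d) || return 2
    ldif_dns "$1" > "$tmp/old"
    ldif_dns "$2" > "$tmp/new"
    LC_ALL=C comm -23 "$tmp/old" "$tmp/new" | sed 's/^/missing after restore: /'
    LC_ALL=C comm -13 "$tmp/old" "$tmp/new" | sed 's/^/unexpected after restore: /'
    if cmp -s "$tmp/old" "$tmp/new"; then rc=0; else rc=1; fi
    rm -r "$tmp"
    return "$rc"
}

# Constructed sample data (not from a real directory): the second file folds
# one DN the way slapcat wraps long lines, and lacks the last entry.
sample=$(mktemp -d)
printf '%s\n' 'dn: dc=example,dc=org' 'objectClass: domain' '' \
    'dn: uid=alice,ou=people,dc=example,dc=org' 'uid: alice' '' \
    'dn: uid=bob,ou=people,dc=example,dc=org' 'uid: bob' > "$sample/old.ldif"
printf '%s\n' 'dn: dc=example,dc=org' 'objectClass: domain' '' \
    'dn: uid=alice,ou=people,' ' dc=example,dc=org' 'uid: alice' > "$sample/new.ldif"
compare_exports "$sample/old.ldif" "$sample/new.ldif" || echo "DN sets differ"
rm -r "$sample"
```

On the migrated host, pass @/var/backups/openldap/slapcat-2.4.ldif@ and a fresh @slapcat@ export of the @mdb@ database to @compare_exports@. Both files contain password hashes, so keep them readable by root only.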