---
layout: default
title: OpenLDAP 2.4 to 2.6 upgrade
date: 2023-05-19 23:28 +0200
---
OpenLDAP >= 2.5 drops Berkeley DB based @hdb@ and @bdb@ backends support. Backend
upgrade - preferably to @mdb@ - is required before version upgrade.

Below instructions are given for _slapd.conf_ deployments. For _slapd-config_
deployments the config database must be exported via @slapcat@, config export
modified as required, then resulting config database imported.

Upstream documentation:
* "B. Upgrading from 2.x":https://www.openldap.org/doc/admin25/appendix-upgrading.html


h2. Backup database and configuration

{% highlight bash %}
/etc/init.d/slapd stop
cp -a /etc/openldap /etc/openldap-2.4
slapcat -f /etc/openldap/slapd.conf > /var/backups/openldap/slapcat-2.4.ldif
mv /var/lib/openldap-data /var/lib/openldap-data-2.4
{% endhighlight %}


h2. Migrate to @mdb@ backend

Update _/etc/openldap/slapd.conf_ as follows:

{% highlight config %}
...
# moduleload  back_hdb.so
moduleload  back_mdb.so
...
database       mdb
...
{% endhighlight %}

Then restore database and convert config to directory format (in that order):

{% highlight bash %}
mkdir /var/lib/openldap-data
chmod --reference /var/lib/openldap-data-2.4 /var/lib/openldap-data
slapadd -f /etc/openldap/slapd.conf -l /var/backups/openldap/slapcat-2.4.ldif
find /var/lib/openldap-data/ -exec chown --reference /var/lib/openldap-data {} \;
cp -a /var/lib/openldap-data-2.4/.keep_* /var/lib/openldap-data/

rm -r /etc/openldap/slapd.d/*
slaptest -f slapd.conf -F slapd.d

/etc/init.d/slapd start
{% endhighlight %}

Now is the time to verify if LDAP dependent services work like before migration.
They should.


h2. Upgrade to 2.6

Before upgrade:
* check @openldap@ @USE@ flags,
* backup database and configuration if applicable

then proceed with upgrade:

{% highlight bash %}
emerge -1av openldap
dispatch-conf
{% endhighlight %}

Remove @ppolicy@ overlay, which is now implemented internally:

{% highlight config %}
...
#include    /etc/openldap/schema/ppolicy.schema
...
{% endhighlight %}

Once again rebuild directory config:

{% highlight bash %}
rm -r /etc/openldap/slapd.d/*
slaptest -f slapd.conf -F slapd.d
{% endhighlight %}