Hi
We are planing migration from openldap 2.4.20 (with bdb 4.8) to openldap
2.4.33 (bdb 5.1.29)
No of users are 4 million and about to go live within next 10 days.
We are using flat file for configuration in use.
Below is my slapd.conf and DB_CONFIG files
include /apps/openldap/etc/openldap/schema/core.schema
include /apps/openldap/etc/openldap/schema/cosine.schema
include /apps/openldap/etc/openldap/schema/nis.schema
include /apps/openldap/etc/openldap/schema/inetorgperson.schema
include /apps/openldap/etc/openldap/schema/openldap.schema
include /apps/openldap/etc/openldap/schema/dyngroup.schema
include /apps/openldap/etc/openldap/schema/ppolicy.schema
include /apps/openldap/etc/openldap/schema/channelIdentifier.schema
include /apps/openldap/etc/openldap/schema/platform.schema
include /apps/openldap/etc/openldap/schema/extendedProfileKey.schema
include
/apps/openldap/etc/openldap/schema/extendedProfileValue.schema
include /apps/openldap/etc/openldap/schema/behaviorKey.schema
include /apps/openldap/etc/openldap/schema/behaviorValue.schema
include /apps/openldap/etc/openldap/schema/questionAnswer.schema
include /apps/openldap/etc/openldap/schema/extendedTop.schema
include /apps/openldap/etc/openldap/schema/counter.schema
pidfile /apps/openldap/var/run/slapd.pid
argsfile /apps/openldap/var/run/slapd.args
logfile /apps/logs/ldap
loglevel 16640
database bdb
suffix "dc=ibm,dc=com"
access to attrs=userPassword
by self write
by anonymous auth
by * break
access to *
by
group/groupOfUniqueNames/uniqueMember.exact="cn=VWrite,ou=businessUsersGroup,dc=ibm,dc=com"
manage
by
group/groupOfUniqueNames/uniqueMember.exact="cn=VRead,ou=businessUsersGroup,dc=ibm,dc=com"
read
by * break
access to *
by self write
by anonymous auth
by * read
rootdn "cn=Manager,dc=ibm,dc=com"
rootpw {SSHA}dXDFSQeFjSoa/A1HfJ3TAzYf8
################## SSL ##########################################
#
#TLSVerifyClient allow
TLSCipherSuite HIGH:MEDIUM:+SSLv3
TLSCACertificateFile /apps/openldap/etc/openldap/cacerts/nascarcacert.pem
TLSCertificateFile /apps/openldap/etc/openldap/cacerts/sj.crt
TLSCertificateKeyFile /apps/openldap/etc/openldap/cacerts/sj.key
#
index entryCSN eq
index entryUUID eq
index
mail,uid,postalCode,smail,channelType,channelValue,answer,behavName,objectclass,tokenID,type
eq
index givenName,sn,city,question,behavValue,cn,extName sub
index displayName approx
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
serverid 3
syncrepl rid=111
provider=ldap://mmprod04
binddn="cn=Manager,dc=ibm,dc=com"
bindmethod=simple
starttls=yes
tls_reqcert=allow
credentials=G00gle#
searchbase="dc=ibm,dc=com"
type=refreshAndPersist
retry="5 5 300 +"
interval=00:00:00:10
syncrepl rid=222
provider=ldap://mmprod05
binddn="cn=Manager,dc=ibm,dc=com"
bindmethod=simple
starttls=yes
tls_reqcert=allow
credentials=G00gle#
searchbase="dc=idm,dc=com"
type=refreshAndPersist
retry="5 5 300 +"
interval=00:00:00:10
mirrormode TRUE
cachesize 100000
idlcachesize 300000
lastmod on
checkpoint 128 15
concurrency 100
directory /apps/openldap/var/openldap-data
overlay unique
unique_attributes mail
overlay ppolicy
ppolicy_default "cn=default,ou=pwdPolicy,dc=idm,dc=com"
ppolicy_use_lockout
DB_CONFIG
set_cachesize 0 4294967295 0
set_lg_regionmax 2048576
set_lg_max 20485760
set_lg_bsize 2097152
set_lk_max_locks 10000
set_lk_max_objects 5000
set_lk_max_lockers 5000
My querries are:-
1. What should be taken care(Best Practices).
2. Data migration can be db_hotbackup will work?
3. Can same flat file method be used, if not what could be the way should
work out.
4. any thing else i should be aware and is critical.
--
Thanks&Regards
Anil Beniwal