On 09/26/13 14:37 +0300, Jukka Tuominen wrote:
I'm in the process of changing the domain name of a Kerberos/OpenAFS/OpenLDAP server on Ubuntu 10.04 LTS. LDAP provides the user metadata such as homedir location, user and group id, etc. The server itself remains the same as well as the IP number. Actually I cloned it, so I can still access the old, working instance (only one server running at any time, since the IP is the same).
I followed instructions that said to
- export the old data...
slapcat -v -l ldap.diff
- replace the old domain instances with the new ones using gedit
- remove the old data
rm -rf /var/lib/ldap/*
Did you recreate this directory?
No. I think the above command removes the contents only, but leaves the /var/lib/ldap in place? I checked the original installation and it seemed to contain the same files.
- import the updated data back
slapadd -l new-ldap.diff
- and restore dir permissions
chown -R openldap:openldap /var/lib/ldap/*
However, whereas the export went seemingly fine, importing and manipulating the new data required pointing to the specific slapd.conf file. E.g. slapadd or slapindex without -f /etc/ldap/slapd.conf would raise an error: Available database(s) do not allow [action].
So it does work with -f or doesn't? I'm not clear.
With -f it works.
If you modified the suffix in your new-ldap.diff, did you also modify the suffix in your slapd.conf?
Yes I did. And with -f I was pointing to the very same file. Weird! I'm not at all familiar with LDAP, so I may be overlooking something very simple.
br,jukka
-- Dan White
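
An added example, not part of the thread and not from either poster: the "replace the old domain instances" step done as a script instead of an editor search-and-replace, so that the suffix is changed only where it ends a DN, including DNs that slapcat folded across lines or wrote base64-encoded. The suffixes dc=old,dc=example and dc=new,dc=example, the sample entries and the function names are assumptions made for illustration.

```python
import base64
import re

def unfold(ldif_text):
    """Join RFC 2849 continuation lines (they start with a single space)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def rewrite_suffix(ldif_text, old_suffix, new_suffix):
    """Replace old_suffix only where it ends a value as a whole DN suffix."""
    tail = re.compile(r"(^|,)" + re.escape(old_suffix) + r"$", re.IGNORECASE)
    swap = lambda value: tail.sub(lambda m: m.group(1) + new_suffix, value)
    out = []
    for line in unfold(ldif_text):
        attr, sep, rest = line.partition(":")
        if line.startswith("#") or not sep:
            out.append(line)                 # comment or blank separator line
        elif rest.startswith(":"):           # "attr:: <base64>" value
            raw = base64.b64decode(rest[1:].strip())
            try:
                text = raw.decode("utf-8")
            except UnicodeDecodeError:       # binary value, leave untouched
                out.append(line)
                continue
            new = swap(text)
            out.append(line if new == text else
                       attr + ":: " + base64.b64encode(new.encode("utf-8")).decode())
        else:
            value = rest.strip()
            new = swap(value)
            out.append(line if new == value else attr + ": " + new)
    return "\n".join(out)

# Constructed sample export (placeholder suffixes, hypothetical entries).
B64_DN = base64.b64encode("cn=J\u00f6rg,ou=People,dc=old,dc=example".encode("utf-8")).decode()
SAMPLE = "\n".join([
    "dn: dc=old,dc=example", "dc: old", "",
    "dn: uid=jdoe,ou=People,dc=old,dc=exa", " mple",   # folded DN
    "description: notdc=old,dc=example", "",            # must not be rewritten
    "dn:: " + B64_DN,
])

if __name__ == "__main__":
    print(rewrite_suffix(SAMPLE, "dc=old,dc=example", "dc=new,dc=example"))
```

The suffix entry's own `dc:` value and non-DN values such as mail addresses or home directory paths are left untouched by this script and need a separate pass.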