Thanks, that did the trick. Slapd is now running again as supposed.
Richard
Am 24.07.2023 um 19:55 schrieb Quanah Gibson-Mount:
--On Monday, July 24, 2023 8:29 PM +0200 Richard Rosner rrosner@fsmuw.rwth-aachen.de wrote:
True, but for that you'd have to check for that and not expect everything to be fine when the main ldap is already set up right. Or at least the maintainer would have to have written an actual backup script or at least written a description that actually works. I would also have taken a path of just having the upgrade fail and roll back when such incompatibilities are found.
Honestly the upgrade process should have detected that hdb/bdb was in use prior to upgrading and aborted.
What would be the easiest way to get slapd back up and running? Would a simple "changetype: modify" and "replace: " for any changes that actually needed to be done do the trick? I mean the main part in the description was to just replace all mentions of hdb with lmdb, that wouldn't be that much work.
That, and remove any BDB specific options in the config database. Basically, I'd recusrively copy your 'upgraded' slapd.d/cn=config somewhere so you have it before making changes in case you hit errors, and then modify the contents of slapd.d/cn=config while slapd is stopped. I.e., soemthing like:
stop slapd
cp -pr /etc/openldap/slapd.d /some/backup/location/
cd /etc/openldap/slapd.d
(start making edits where necessary)
restart slapd to ensure it comes up. Note that you will have lost all ability to access the contents of the existing binary BDB-based database, so hopefully that was actually backed up as part of the upgrade process.
stop slapd again
back up the new fixed config database:
slapcat -n 0 -F /etc/openldap/slapd.d -l config.ldif
move your hacked one elsewhere:
mv /etc/openldap/slapd.d /some/other/backup/location
mkdir -p /etc/openldap/slapd.d
slapadd -n 0 -F /etc/openldap/slapd.d -l config.ldif
chown -R <whatever> /etc/openldap/slapd.d if it runs as a non-root user
start slapd
This will generate all the checksums in the config db so you don't get warnings about checksum mismatches.
--Quanah