On 21/5/2012 7:44 μμ, Nick Milas wrote:
Are you sure? Mine were migrated fine.
They lie in the {0}config (i.e. in the config root) branch.
Sorry, they lie in the config branch, not in the {0}config branch.
Here is my config root branch:
DN: cn=config objectClass: olcGlobal cn: config olcAllows: bind_v2 olcArgsFile: /usr/local/openldap/var/run/slapd.args olcAttributeOptions: lang- olcAuthzPolicy: none olcConcurrency: 0 olcConfigDir: slapd.d olcConfigFile: slapd.conf olcConnMaxPending: 100 olcConnMaxPendingAuth: 1000 olcGentleHUP: FALSE olcIdleTimeout: 0 olcIndexIntLen: 4 olcIndexSubstrAnyLen: 4 olcIndexSubstrAnyStep: 2 olcIndexSubstrIfMaxLen: 4 olcIndexSubstrIfMinLen: 2 olcLocalSSF: 71 olcLogLevel: Sync olcPidFile: /usr/local/openldap/var/run/slapd.pid olcReadOnly: FALSE olcSaslSecProps: noplain,noanonymous olcSizeLimit: unlimited olcSockbufMaxIncoming: 262143 olcSockbufMaxIncomingAuth: 16777215 olcThreads: 16 olcTimeLimit: unlimited olcTLSCACertificateFile: /usr/local/openldap/etc/openldap/certs/chain.pem olcTLSCertificateFile: /usr/local/openldap/etc/openldap/certs/cert.pem olcTLSCertificateKeyFile: /usr/local/openldap/etc/openldap/certs/priv.pem olcTLSCipherSuite: HIGH:MEDIUM:+SSLv2 olcTLSCRLCheck: none olcTLSVerifyClient: never olcToolThreads: 1 olcWriteTimeout: 0
I agree with Quanah on using a non-system LDAP package; of those I have worked with, I would propose you try using Symas Silver (excluding syncrepl providers - if you cannot afford paid support - otherwise check gold), or full-featured LTB project's RPMs (free, with on-line issue system). (We use the latter.)
Buchan's RPMs are fine too, but availability is sometimes limited and updates slower. There are surely other RPMs and/or SRPMs around.
This way you can upgrade at will and fully control your system.
It'll take you some time in the beginning to setup things fully (since non-default system paths are used), but you'll not regret it.
Nick