On 09/26/13 14:37 +0300, Jukka Tuominen wrote:
> I'm in the process of changing the domain name of a Kerberos/OpenAFS/OpenLDAP server on Ubuntu 10.04 LTS. LDAP provides the user metadata such as homedir location, user and group ID, etc. The server itself remains the same, as well as the IP number. Actually I cloned it, so I can still access the old, working instance (only one server running at any time, since the IP is the same).
>
> I followed instructions telling me to
> - export the old data...
>   slapcat -v -l ldap.diff
> - replace the old domain instances with the new ones using gedit
> - remove the old data
>   rm -rf /var/lib/ldap/*

Did you recreate this directory?

> - import the updated data back
>   slapadd -l new-ldap.diff
> - and restore dir permissions
>   chown -R openldap:openldap /var/lib/ldap/*
>
> However, whereas the export went seemingly fine, importing and manipulating the new data required pointing to the specific slapd.conf file. E.g. slapadd or slapindex without -f /etc/ldap/slapd.conf would raise an error: Available database(s) do not allow [action].

So it does work with -f or doesn't? I'm not clear.
If you modified the suffix in your new-ldap.diff, did you also modify the suffix in your slapd.conf?
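
The suffix question above can be checked before running slapadd. The following script is an added example, not part of the thread: it lists every DN in the edited export that is not under a suffix declared in slapd.conf. The function names, the sample config and the sample LDIF are constructed, and the DN comparison is a simplification (case-folded, spaces after commas ignored).

```shell
#!/bin/sh
# Added example (not from the thread): before slapadd, confirm every entry in
# the edited export sits under a suffix that slapd.conf actually declares.

# Print suffix values from a slapd.conf-style file, normalised:
# lower case, quotes removed, no spaces after commas.
conf_suffixes() {
    awk 'tolower($1) == "suffix" {
        sub(/^[ \t]*[^ \t]+[ \t]+/, ""); gsub(/"/, "")
        gsub(/,[ \t]+/, ","); sub(/[ \t]+$/, ""); print tolower($0)
    }' "$1"
}

# Usage: ldif_orphans SLAPD_CONF LDIF
# Print each DN that is neither equal to nor below a configured suffix.
# Folded lines (continuations start with one space) are joined first;
# base64 "dn::" values never match and are printed for manual review.
ldif_orphans() {
    SUFFIXES=$(conf_suffixes "$1" | tr '\n' '|') awk '
    function flush_dn(   i, d, k) {
        if (dn == "") return
        d = tolower(dn); gsub(/,[ \t]+/, ",", d)
        for (i = 1; i <= n; i++) {
            k = length(d) - length(s[i])
            if (s[i] != "" && (d == s[i] || (k > 0 && substr(d, k) == "," s[i]))) { dn = ""; return }
        }
        print dn; dn = ""
    }
    BEGIN { n = split(ENVIRON["SUFFIXES"], s, "|") }
    /^dn:/ { flush_dn(); dn = $0; sub(/^dn::?[ \t]*/, "", dn); indn = 1; next }
    indn && /^ / { dn = dn substr($0, 2); next }
    { indn = 0; flush_dn() }
    END { flush_dn() }' "$2"
}

# Constructed sample: the LDIF was edited, slapd.conf still has the old suffix.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' 'database hdb' 'suffix "dc=old,dc=example"' > "$demo_dir/slapd.conf"
cat > "$demo_dir/new-ldap.diff" <<'EOF'
dn: dc=new,dc=example
objectClass: domain
dc: new

dn: uid=jdoe,ou=People,
 dc=new,dc=example
uid: jdoe
EOF
ldif_orphans "$demo_dir/slapd.conf" "$demo_dir/new-ldap.diff"
```

An empty result means every entry has a matching suffix in the config file that was checked; any DN printed would have no database to land in under that config.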