On Tue, 26 Jul 2016, Dan Hyatt wrote:
> So, a more simple question...
> Can I install a current version of OpenLDAP on a current RedHat/Centos
> server (specially built for this purpose). Then use slapcat to export the
> information from the old server, import it to the new server, where the
> admin password is not corrupt.

The fundamental upgrade procedure is unchanged:
http://www.openldap.org/doc/admin24/maintenance.html#Migration
To that procedure you'd add an additional step, let's call that step 2a,
which would be "fix any corrupted data in the slapcat output."

> Can I import the schemas or are there likely substantial changes to the
> schemas across versions?

Standard schema ship with OpenLDAP itself and can be updated along with
the rest of the package. Custom schema might need an update, but that's
usually not the hard part.

> My goals are to create a new LDAP server running Centos/Redhat, transfer 20
> users and allow them to keep their existing passwords, allow them to access
> my servers, and allow them authentication to samba.
> and create an LDAP slave (or cluster)
> not sure if syncrepl is the current way to go.
> I have root to the server, but I do not have the admin password to the
> Openldap 2.2 as it became corrupted somehow.

You can always use a rootpw (in your slapd configuration) to override ACLs
if needed. And slapadd operates offline; all you need is filesystem write
access. There's also nothing stopping you from interpreting "fix any
corrupted data" as "fix any corrupted data and change a couple of
userPassword values while you're at it in the slapcat output" as your
"step 2a."