So, a more simple question...
Can I install a current version of OpenLDAP on a current RedHat/Centos server (specially built for this purpose. Then use slapcat to export the information from the old server, import it to the new server, where the admin password is not corrupt.
Can I import the schemas or are there likely substantial changes to the schemas across versions?
My goals are to create a new LDAP server running Centos/Redhat, transfer 20 users and allow them to keep their existing passwords, allow them to access my servers, and allow them authentication to samba. and create an LDAP slave (or cluster) not sure if syncrepl is the current way to go.
I have root to the server, but I do not have the admin password to the Openldap 2.2 as it became corrupted somehow.
On 07/24/2016 09:15 PM, Aaron Richton wrote:
On Fri, 22 Jul 2016, Dan Hyatt wrote:
My admin openLDAP 2.2 password became corrupt in the last week and I cannot
[...]
I found some instructions which seem simple risky and no backout strategy. Simply running http://techiezone.rottigni.net/2011/12/change-root-dn-password-on-openldap/
That link (apparently from 2011) doesn't apply to your software from 2003. There's no back-config in OpenLDAP 2.2. So don't try that...
@(#) $OpenLDAP: slapd 2.2.13 (Nov 26 2010 07:45:22) $ mockbuild@x86-003.build.bos.redhat.com:/builddir/build/BUILD/openldap-2.2.13/openldap-2.2.13/build-servers/servers/slapd
[...]
Having the LDAP on two separate hyper visors (with local disks) to avoid the storage/authentication chicken/egg Is there a better upgrade plan
Are you saying that your one and only LDAP server uses itself for its own A&A?
Authentication and Authorization? The server provides authentication and authorization for my group. The server only does LDAP and home dirs. I want to upgrade it to Centos 6.8 or Centos 7 (that is equal to redhat 6.8 or redhat 7) on a hypervisor with a slave running the current favored release.
[...]
I have the log files, is there a way to backout to last week without the admin password (which became corrupt last week).
I'm not sure what you're referring to by "log files." The general-case OpenLDAP backup tool is slapcat(8). Hopefully you have been running it routinely. The resulting LDIF can be easily inspected; if you have enough backups, you might even be able to find one without corruption.
We took over responsibility the LDAP in December, there was not a happy handoff... no documenation..just the password and had to move it to the new VLAN.