Quanah Gibson-Mount quanah@symas.com schrieb am 07.11.2018 um 17:19 in
Nachricht <F69BE983171EACF5A6B16493@[192.168.1.39]>:
‑‑On Wednesday, November 07, 2018 11:05 AM +0100 Ulrich Windl <Ulrich.Windl@rz.uni‑regensburg.de> wrote:
Hi!
I had reported about trouble when upgrading the openldap from SLES11 SP4 to that from SLES12 SP3. Besides the version jump, SUSE also removed some modules that had been static in SLES11, so that they need to be loaded dynamically now. Besides that, the bdb version was updated as well, and some other minor things.
The OpenLDAP project has long recommended against using distribution provided builds for a variety of reasons. You've just excellent summarized
another reason why they should be avoided ‑‑ You have no control over whether or not they will change how they build the software and thus utterly destroy a working deployment.
What you will have to do:
a) Use slapcat with the older SLES build to export your cn=config database b) Update the resulting LDIF so that it works correctly with the new SLES build c) Import it with the new SLES slapd
I tried to do so, but It did not work: Without debugging the only message I got was "slapadd: database doesn't support necessary operations.".
With debugging enabled, the process ends with these messages: 5bea96e0 backend_startup_one: starting "cn=config" 5bea96e0 ldif_read_file: no entry file "/etc/openldap/slapd.d/cn=config.ldif" 5bea96e0 send_ldap_result: conn=-1 op=0 p=0 5bea96e0 >>> dnNormalize: <cn=Subschema> ... 5bea96e0 slapadd startup: initiated. 5bea96e0 backend_startup_one: starting "cn=config" 5bea96e0 config_back_db_open Backend ACL: access to * by * none
5bea96e0 config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context slapadd: database doesn't support necessary operations. ----
What is special with the "Backend ACL"? Is this referring to a specific line of my LDIF? The command I used was "slapadd -v -n0 -F /etc/openldap/slapd.d -S 1 -w -g -dparse,ACL,trace -l /tmp/test-0.ldif"
The basic question is: What is the necessary operation the database does not support?
Regards, Ulrich
None of this is a problem with OpenLDAP. Everything about this is a problem with SLES.
Regards, Quanah
‑‑
Quanah Gibson‑Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com