Hi, I have a openldap installation that we recently implemented ppolicy and we have come to the point of using it in production. I am in the process of putting in a dedicated ldap replicant(punching bag) and I am having trouble importing the directory due to the ppolicy extended attributes not being modifiable.
Is there a way to preserve the password ages and other pwd related history to the new replicant? I reckon I could copy the entire contents of /var/lib/ldap/ from an old replicant to the new, and cross my fingers but that doesn't seem like the correct path.
Redhat EL 5.5 openldap-servers-2.3.43-12.el5
Thanks for listening,
I was able to get the correct password ages on a new test server by copying the contents of /var/lib/ldap/ (RHEL5) from a production machine while the database was halted to the test machine and then running slapd_db_recover -v -h /var/lib/ldap BEFORE starting the database. I found that the database was unrecoverable if I started slapd between copying the files and running slapd_db_recover.
Are these the recommended actions to meet my needs?
openldap-technical@openldap.org
-
G.Pitman -
Gary Pitman