On 09/26/13 14:37 +0300, Jukka Tuominen wrote:
>I'm in the process of changing the domain name of a
>kerberos/openafs/openldap server on ubuntu 10.04 LTS. ldap provides the
>user metadata such as homedir location, user and group id, etc. The
>itself remains the same as well as the IP number. Actually I cloned it,
>I can still access the old, working instance (only one server running at
>any time, since the IP is the same).
>I followed instructions telling to
>1) export the old data...
> slapcat -v -l ldap.diff
>2) replace the old domain instances with the new ones using gedit
>3) remove the old data
> rm -rf /var/lib/ldap/*
Did you recreate this directory?
No. I think the above command removes the contents only, but leaves the
/var/lib/ldap in place? I checked the original installation and it seemed
to contain the same files.
>4) import the updated data back
> slapadd -l new-ldap.diff
>5) and restore dir permissions
> chown -R openldap:openldap /var/lib/ldap/*
>However, whereas the export went seemingly fine,
>importing and manipulating the new data required to point the specific
>slapd.conf file. E.g. slapadd or slapindex without -f
>would raise an error:
> Available database(s) do not allow [action].
So it does work with -f or doesn't? I'm not clear.
With -f it works.
If you modified the suffix in your new-ldap.diff, did you also modify the
suffix in your slapd.conf?
Yes I did. And with -f I was pointing the very same file. Weird!
I'm not at all familiar with ldap, so I may be overlooking something very