4:37 a.m.
Hi all,
I'm in the process of changing the domain name of a
kerberos/openafs/openldap server on ubuntu 10.04 LTS. ldap provides the
user metadata such as homedir location, user and group id, etc. The server
itself remains the same as well as the IP number. Actually I cloned it, so
I can still access the old, working instance (only one server running at
any time, since the IP is the same).
I followed instructions telling to
1) export the old data...
slapcat -v -l ldap.diff
2) replace the old domain instances with the new ones using gedit
3) remove the old data
rm -rf /var/lib/ldap/*
4) import the updated data back
slapadd -l new-ldap.diff
5) and restore dir permissions
chown -R openldap:openldap /var/lib/ldap/*
However, whereas the export went seemingly fine,
importing and manipulating the new data required to point the specific
slapd.conf file. E.g. slapadd or slapindex without -f /etc/ldap/slapd.conf
would raise an error:
Available database(s) do not allow [action].
Basic commands like id, ldapsearch -x or slapcat return empty content
without errors. All the /etc/ .confs have been updated, and should point
to the new domain name.
Any idea what could cause this and how to fix it?
br, jukka
6:54 a.m.
On 09/26/13 14:37 +0300, Jukka Tuominen wrote:
I'm in the process of changing the domain name of a
kerberos/openafs/openldap server on ubuntu 10.04 LTS. ldap provides the
user metadata such as homedir location, user and group id, etc. The server
itself remains the same as well as the IP number. Actually I cloned it, so
I can still access the old, working instance (only one server running at
any time, since the IP is the same).
I followed instructions telling to
1) export the old data...
slapcat -v -l ldap.diff
2) replace the old domain instances with the new ones using gedit
3) remove the old data
rm -rf /var/lib/ldap/*
Did you recreate this directory?
4) import the updated data back
slapadd -l new-ldap.diff
5) and restore dir permissions
chown -R openldap:openldap /var/lib/ldap/*
However, whereas the export went seemingly fine,
importing and manipulating the new data required to point the specific
slapd.conf file. E.g. slapadd or slapindex without -f /etc/ldap/slapd.conf
would raise an error:
Available database(s) do not allow [action].
So it does work with -f or doesn't? I'm not clear.
If you modified the suffix in your new-ldap.diff, did you also modify the
suffix in your slapd.conf?
--
Dan White
7:05 a.m.
On 09/26/13 14:37 +0300, Jukka Tuominen wrote:
>I'm in the process of changing the domain name of a
>kerberos/openafs/openldap server on ubuntu 10.04 LTS. ldap provides the
>user metadata such as homedir location, user and group id, etc. The
> server
>itself remains the same as well as the IP number. Actually I cloned it,
> so
>I can still access the old, working instance (only one server running at
>any time, since the IP is the same).
>
>I followed instructions telling to
>
>1) export the old data...
> slapcat -v -l ldap.diff
>
>2) replace the old domain instances with the new ones using gedit
>
>3) remove the old data
> rm -rf /var/lib/ldap/*
Did you recreate this directory?
No. I think the above command removes the contents only, but leaves the
/var/lib/ldap in place? I checked the original installation and it seemed
to contain the same files.
>4) import the updated data back
> slapadd -l new-ldap.diff
>
>5) and restore dir permissions
> chown -R openldap:openldap /var/lib/ldap/*
>
>However, whereas the export went seemingly fine,
>importing and manipulating the new data required to point the specific
>slapd.conf file. E.g. slapadd or slapindex without -f
> /etc/ldap/slapd.conf
>would raise an error:
> Available database(s) do not allow [action].
So it does work with -f or doesn't? I'm not clear.
With -f it works.
If you modified the suffix in your new-ldap.diff, did you also modify the
suffix in your slapd.conf?
Yes I did. And with -f I was pointing the very same file. Weird!
I'm not at all familiar with ldap, so I may be overlooking something very
simple.
br,jukka
--
Dan White
3:10 a.m.
Still not working. A few more things that I've noticed:
- While pointing to slapd.conf file with -f, slapadd and slapadd seem to
work, but starting the daemon similarly with -f doesn't help finding the
actual content (e.g. ldapsearch -x uid=xxx).
- The original, working setup doesn't use the slapd.conf. Disabling the
file in the new system didn't help.
- Running slapadd with -b option (and without -f) returns error:
slapadd: slap_init no backend for "dc=xxx,dc=xxx"
I also wonder if there are any configurations outside /etc/ that I should
tweak or check the file/dir permissions?
Any help is greatly appreciated
br,jukka
> On 09/26/13 14:37 +0300, Jukka Tuominen wrote:
>>I'm in the process of changing the domain name of a
>>kerberos/openafs/openldap server on ubuntu 10.04 LTS. ldap provides the
>>user metadata such as homedir location, user and group id, etc. The
>> server
>>itself remains the same as well as the IP number. Actually I cloned it,
>> so
>>I can still access the old, working instance (only one server running at
>>any time, since the IP is the same).
>>
>>I followed instructions telling to
>>
>>1) export the old data...
>> slapcat -v -l ldap.diff
>>
>>2) replace the old domain instances with the new ones using gedit
>>
>>3) remove the old data
>> rm -rf /var/lib/ldap/*
>
> Did you recreate this directory?
No. I think the above command removes the contents only, but leaves the
/var/lib/ldap in place? I checked the original installation and it seemed
to contain the same files.
>
>>4) import the updated data back
>> slapadd -l new-ldap.diff
>>
>>5) and restore dir permissions
>> chown -R openldap:openldap /var/lib/ldap/*
>>
>>However, whereas the export went seemingly fine,
>>importing and manipulating the new data required to point the specific
>>slapd.conf file. E.g. slapadd or slapindex without -f
>> /etc/ldap/slapd.conf
>>would raise an error:
>> Available database(s) do not allow [action].
>
> So it does work with -f or doesn't? I'm not clear.
With -f it works.
>
> If you modified the suffix in your new-ldap.diff, did you also modify
> the
> suffix in your slapd.conf?
Yes I did. And with -f I was pointing the very same file. Weird!
I'm not at all familiar with ldap, so I may be overlooking something very
simple.
br,jukka
>
> --
> Dan White
>
3719
days inactive
3721
days old
openldap-technical@openldap.org
3 comments
2 participants
participants (2)
-
Dan White -
Jukka Tuominen