Hi,
I'm moving from a two-node CentOS 7 cluster running essentially the RedHat openldap-servers build (which I rebuild to use OpenSSL, but otherwise, left alone).
I've provisioned a new Rocky Linux 8 system and have installed OpenLDAP 2.5 from the LTB repository, and have moved the old slapd.d directory out of the way and put the slapd.d directory from the old servers in place. If I try to run slapd-cli status, it throws this:
olcAttributeTypes: value #8 olcAttributeTypes: Inconsistent duplicate attributeType: "pwdMustChange"
config error processing cn={5}samba,cn=schema,cn=config: olcAttributeTypes: Inconsistent duplicate attributeType: "pwdMustChange"
slapcat: bad configuration directory!
olcAttributeTypes: value #8 olcAttributeTypes: Inconsistent duplicate attributeType: "pwdMustChange"
config error processing cn={5}samba,cn=schema,cn=config: olcAttributeTypes: Inconsistent duplicate attributeType: "pwdMustChange"
slapcat: bad configuration directory!
Looking here: https://ltb-project.org/documentation/migrate_openldap_ltb_24_openldap_ltb_2..., it looks like there's more going on. Does anyone have any input as to how to accomplish this? I do need to bring the old data in, ideally without having to make changes to the samba schema under the hood.
Best,
Aaron
--- Aaron Bennett Manager of Systems Administration Clark University ITS
--On Thursday, March 10, 2022 6:06 PM +0000 Aaron Bennett abennett@clarku.edu wrote:
> Hi,
> I'm moving from a two-node CentOS 7 cluster running essentially the RedHat openldap-servers build (which I rebuild to use OpenSSL, but otherwise, left alone).
The 2.4 cn=config is not necessarily compatible with 2.5. You should dump your current 2.4 config with slapcat -n 0 and then update it accordingly for use with 2.5. Symas has excellent 2.5 and 2.6 packages available at https://repo.symas.com/soldap/ along with upgrade instructions: https://repo.symas.com/soldap/upgrading/
In your specific case, it appears that you've left the ppolicy schema in place in the cn=config db, where it was moved to be internal to the ppolicy overlay module in 2.5 and later.
Regards, Quanah
Hello,
If you are using the LTB package, you can also have a look at:
https://ltb-project.org/documentation/migrate_openldap_ltb_24_openldap_ltb_2...
Regards,
David
-----Original Message-----
From: David Coutadeur david.coutadeur@gmail.com
Sent: Thursday, March 10, 2022 3:45 PM
To: Aaron Bennett abennett@clarku.edu; openldap-technical@openldap.org
Subject: [EXT] Re: migrate from RedHat openldap 2.4 to LTB OpenLdap 2.5

> If you are using the LTB package, you can also have a look at:
> https://ltb-project.org/documentation/migrate_openldap_ltb_24_openldap_ltb_2...
Hi David,
Can you expand on " Remove built-in schema definition in cn=schema,cn=config entry" ?
If I remove the cn=schema,cn=config information, then the next section, "dn: cn={0}core,cn=schema,cn=config" errors on import. I need for sure inetorgperson, nis, eduPerson, samba. What am I missing here?
Best,
Aaron
Hello,
You need to remove the content of the entry "dn: cn=schema,cn=config", except the objectClass and cn attributes.
The cn=schema,cn=config entry should look like this:
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
You must not remove the other schemas under this entry (except the ppolicy schema).
Regards,
David
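The two replies above (dump the 2.4 config with slapcat -n 0, reduce cn=schema,cn=config to its objectClass and cn attributes, drop the ppolicy schema entry, keep the other schemas) can be applied to the dump with a small filter. This is an added example, not code from the thread or from the LTB or Symas documentation; the function names and the sample dump are constructed, the input is assumed to be raw slapcat output without comment lines, and the {N} prefixes of the remaining schema entries are not renumbered.

```python
import re
# Constructed sample shaped like a 2.4 `slapcat -n 0` dump (not from the thread).
SAMPLE = """\
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
olcAttributeTypes: ( 1.1.2.1.1 NAME 'exampleBuiltin' DESC 'constructed,
  folded value' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
structuralObjectClass: olcSchemaConfig

dn: cn={4}ppolicy,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {4}ppolicy
olcAttributeTypes: {0}( 1.1.2.1.2 NAME 'examplePolicyAttr' )

dn: cn={5}samba,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {5}samba
olcAttributeTypes: {0}( 1.1.2.1.3 NAME 'exampleSambaAttr' DESC 'constructed'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
"""

ROOT_KEEP = {"dn", "objectclass", "cn"}   # what the root schema entry keeps
PPOLICY_DN = re.compile(r"cn=\{\d+\}ppolicy,cn=schema,cn=config", re.I)

def unfold(block):
    # Join LDIF continuation lines (one leading space) onto their attribute,
    # so a multi-line value is kept or dropped as a whole.
    lines = []
    for raw in block.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def migrate_config(ldif):
    """Strip the root schema entry, drop the ppolicy schema, keep the rest."""
    kept = []
    for block in re.split(r"\n{2,}", ldif.strip()):
        lines = unfold(block)
        dn = lines[0].partition(":")[2].strip()
        if PPOLICY_DN.fullmatch(dn):
            continue                      # 2.5 has this schema in the overlay
        if dn.lower() == "cn=schema,cn=config":
            lines = [l for l in lines if l.partition(":")[0].lower() in ROOT_KEEP]
        kept.append("\n".join(lines))
    return "\n\n".join(kept) + "\n"

if __name__ == "__main__":
    print(migrate_config(SAMPLE), end="")
```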
-----Original Message-----
From: David Coutadeur david.coutadeur@gmail.com
Sent: Tuesday, March 15, 2022 1:28 PM
To: Aaron Bennett abennett@clarku.edu; openldap-technical@openldap.org
Subject: Re: [EXT] Re: migrate from RedHat openldap 2.4 to LTB OpenLdap 2.5

> The cn=schema,cn=config entry should look like this:
>
> dn: cn=schema,cn=config
> objectClass: olcSchemaConfig
> cn: schema
Thank you -- that got me substantially closer.
-Aaron