Hi all, I am about the 4th sysadmin for our organization, and our openldap is old, 2.4.40 system version for CentOS 6.9. Also there might have been incorrect modifications to the slapd.d files since it was really difficult to update things. The olcRootDN was set to "cn=config" somehow so I had to manually update that to the Manager account and figure out the CRC32 and everything, but at least I could make some updates now.
Anyway, I would like to get our installation updated to a current version, as well as set up some sort of replication with our other server, in case one goes down then our users could still login and use our applications, or I could still add/delete users. Perhaps a multi-master config would be best? (Also maybe update the databases too since they are using bdb format? but maybe that is just unnecessary extra work) I tried to setup replication by following a guide, but was not successful and actually made things worse for our demon, so had to undo the changes for now. I guess 2.4.40 has some problems with replication anyway from what I've heard.
First, to get openldap updated, would it be as simple as compiling the new version and then updating the init script /etc/init.d/slapd to point to the new binaries? I would stop slapd and get a backup of /etc/openldap and /var/lib/ldap. Then I could just leave our current config in /etc/openldap and databases in /var/lib/ldap? I've already built the new version and "make test" was successful so am ready to proceed from there with your assistance and suggestions.
Thanks,
Am Tue, 21 Aug 2018 15:50:49 -0700 schrieb admin@genome.arizona.edu:
Hi all, I am about the 4th sysadmin for our organization, and our openldap is old, 2.4.40 system version for CentOS 6.9. Also there might have been incorrect modifications to the slapd.d files since it was really difficult to update things. The olcRootDN was set to "cn=config" somehow so I had to manually update that to the Manager account and figure out the CRC32 and everything, but at least I could make some updates now.
The cn=config rootDN is correct, if this is bound to a config database.
Anyway, I would like to get our installation updated to a current version, as well as set up some sort of replication with our other server, in case one goes down then our users could still login and use our applications, or I could still add/delete users. Perhaps a multi-master config would be best? (Also maybe update the databases too since they are using bdb format? but maybe that is just unnecessary extra work) I tried to setup replication by following a guide, but was not successful and actually made things worse for our demon, so had to undo the changes for now. I guess 2.4.40 has some problems with replication anyway from what I've heard.
A simple mirror mode schould work anyhow.
First, to get openldap updated, would it be as simple as compiling the new version and then updating the init script /etc/init.d/slapd to point to the new binaries? I would stop slapd and get a backup of /etc/openldap and /var/lib/ldap. Then I could just leave our current config in /etc/openldap and databases in /var/lib/ldap? I've already built the new version and "make test" was successful so am ready to proceed from there with your assistance and suggestions.
1. slapcat(8) the old database to a file, 2. install libraries and binaries 3. setup a new config database, that is: creat a slapd.conf file to your requirements, configure a slapd-mdb(5) database, load the database file by slapadd(8), slaptest(8) will create a config database.
-Dieter
openldap-technical@openldap.org
-
admin@genome.arizona.edu -
Dieter Klünter