Hi
We are planning a migration from openldap 2.4.20 (with bdb 4.8) to openldap 2.4.33 (bdb 5.1.29).
The number of users is 4 million and we are about to go live within the next 10 days.
We are using a flat file for configuration.
Below are my slapd.conf and DB_CONFIG files:
include /apps/openldap/etc/openldap/schema/core.schema
include /apps/openldap/etc/openldap/schema/cosine.schema
include /apps/openldap/etc/openldap/schema/nis.schema
include /apps/openldap/etc/openldap/schema/inetorgperson.schema
include /apps/openldap/etc/openldap/schema/openldap.schema
include /apps/openldap/etc/openldap/schema/dyngroup.schema
include /apps/openldap/etc/openldap/schema/ppolicy.schema
include /apps/openldap/etc/openldap/schema/channelIdentifier.schema
include /apps/openldap/etc/openldap/schema/platform.schema
include /apps/openldap/etc/openldap/schema/extendedProfileKey.schema
include /apps/openldap/etc/openldap/schema/extendedProfileValue.schema
include /apps/openldap/etc/openldap/schema/behaviorKey.schema
include /apps/openldap/etc/openldap/schema/behaviorValue.schema
include /apps/openldap/etc/openldap/schema/questionAnswer.schema
include /apps/openldap/etc/openldap/schema/extendedTop.schema
include /apps/openldap/etc/openldap/schema/counter.schema

pidfile /apps/openldap/var/run/slapd.pid
argsfile /apps/openldap/var/run/slapd.args

logfile /apps/logs/ldap
loglevel 16640

database bdb
suffix "dc=ibm,dc=com"

access to attrs=userPassword
        by self write
        by anonymous auth
        by * break

access to *
        by group/groupOfUniqueNames/uniqueMember.exact="cn=VWrite,ou=businessUsersGroup,dc=ibm,dc=com" manage
        by group/groupOfUniqueNames/uniqueMember.exact="cn=VRead,ou=businessUsersGroup,dc=ibm,dc=com" read
        by * break

access to *
        by self write
        by anonymous auth
        by * read

rootdn "cn=Manager,dc=ibm,dc=com"
rootpw {SSHA}dXDFSQeFjSoa/A1HfJ3TAzYf8

################## SSL ##########################################
#
#TLSVerifyClient allow
TLSCipherSuite HIGH:MEDIUM:+SSLv3
TLSCACertificateFile /apps/openldap/etc/openldap/cacerts/nascarcacert.pem
TLSCertificateFile /apps/openldap/etc/openldap/cacerts/sj.crt
TLSCertificateKeyFile /apps/openldap/etc/openldap/cacerts/sj.key
#

index entryCSN eq
index entryUUID eq
index mail,uid,postalCode,smail,channelType,channelValue,answer,behavName,objectclass,tokenID,type eq
index givenName,sn,city,question,behavValue,cn,extName sub
index displayName approx

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

serverid 3

syncrepl rid=111
        provider=ldap://mmprod04
        binddn="cn=Manager,dc=ibm,dc=com"
        bindmethod=simple
        starttls=yes
        tls_reqcert=allow
        credentials=G00gle#
        searchbase="dc=ibm,dc=com"
        type=refreshAndPersist
        retry="5 5 300 +"
        interval=00:00:00:10

syncrepl rid=222
        provider=ldap://mmprod05
        binddn="cn=Manager,dc=ibm,dc=com"
        bindmethod=simple
        starttls=yes
        tls_reqcert=allow
        credentials=G00gle#
        searchbase="dc=idm,dc=com"
        type=refreshAndPersist
        retry="5 5 300 +"
        interval=00:00:00:10

mirrormode TRUE

cachesize 100000
idlcachesize 300000
lastmod on
checkpoint 128 15
concurrency 100

directory /apps/openldap/var/openldap-data

overlay unique
unique_attributes mail

overlay ppolicy
ppolicy_default "cn=default,ou=pwdPolicy,dc=idm,dc=com"
ppolicy_use_lockout
DB_CONFIG
set_cachesize 0 4294967295 0
set_lg_regionmax 2048576
set_lg_max 20485760
set_lg_bsize 2097152
set_lk_max_locks 10000
set_lk_max_objects 5000
set_lk_max_lockers 5000

My queries are:
1. What should be taken care of (best practices)?
2. For data migration, will db_hotbackup work?
3. Can the same flat file method be used? If not, what would be the way to work it out?
4. Is there anything else I should be aware of that is critical?
openldap-technical@openldap.org