I don't have anything on the old server from the actual config files ...
---------- :: olcDatabase={1}hdb.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 93f87e7c
dn: olcDatabase={1}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: ou=people,o=emich.edu
olcAccess: {0}to attrs=userPassword by self write by * auth
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to attrs=userPKCS12 by self read by * none
olcAccess: {3}to * by * read
olcRootDN: cn=Administrator,ou=people,o=emich.edu
olcDbCacheSize: 10000
olcDbCheckpoint: 1024 5
olcDbConfig: {0}set_cachesize 0 15000000 1
olcDbConfig: {1}set_lg_regionmax 262144
olcDbConfig: {2}set_lg_bsize 2097152
olcDbConfig: {3}set_flags DB_LOG_AUTOREMOVE
olcDbConfig: {4}set_lk_max_locks 30000
olcDbConfig: {5}set_lk_max_objects 30000
olcDbIDLcacheSize: 30000
olcDbIndex: objectclass eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: member eq
olcDbIndex: memberUid eq
olcDbIndex: mail eq
olcDbIndex: cn eq,sub
olcDbIndex: displayName eq,sub
olcDbIndex: uid eq,sub
olcDbIndex: sn eq,sub
olcDbIndex: givenName eq,sub
structuralObjectClass: olcHdbConfig
entryUUID: b3baae2c-f8f6-1035-90eb-91daf978c9c3
creatorsName: cn=config
createTimestamp: 20160817184650Z
olcRootPW:: notapassword
entryCSN: 20160919185226.957088Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20160919185226Z
--------- :: olcDatabase={-1}frontend.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 3a908355
dn: olcDatabase={-1}frontend
objectClass: olcDatabaseConfig
olcDatabase: {-1}frontend
olcAccess: {0}to dn.base="" by * read
olcAccess: {1}to dn.base="cn=Subschema" by * read
structuralObjectClass: olcDatabaseConfig
entryUUID: b3baa54e-f8f6-1035-90e9-91daf978c9c3
creatorsName: cn=config
createTimestamp: 20160817184650Z
entryCSN: 20160817184650.166168Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20160817184650Z
Thanks, Matt
On Tue, Feb 7, 2023 at 3:15 PM Quanah Gibson-Mount quanah@fast-mail.org wrote:
--On Tuesday, February 7, 2023 10:55 AM -0500 Matthew Goebel mgoebel@emich.edu wrote:
dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcDbMaxSize: 1073741824
olcSuffix: dc=my-domain,dc=com
olcRootDN: cn=Manager,dc=my-domain,dc=com
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd-config(5) for details.
# Use of strong authentication encouraged.
olcRootPW: PASSWORDNOTHERE
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
olcDbDirectory: /usr/local/var/openldap-data
# Indices to maintain
olcDbIndex: objectClass eq
You should likely delete the above database definition, unless you really have a "dc=my-domain,dc=com" that you're serving. This just looks like the default one that's created by RH as an example. Note that this db doesn't allow any access either. ;)
dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: ou=people,o=emich.edu
olcAccess: {0}to attrs=userPassword by self write by * auth
This should most likely be "by self write by anonymous auth by * none"
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to attrs=userPKCS12 by self read by * none
olcAccess: {3}to * by * read
I'm curious what your ACL definitions were for your 2.4 config (all ACLs including global).
# olcDbConfig: {0}set_cachesize 0 15000000 1
# olcDbConfig: {1}set_lg_regionmax 262144
# olcDbConfig: {2}set_lg_bsize 2097152
# olcDbConfig: {3}set_flags DB_LOG_AUTOREMOVE
# olcDbConfig: {4}set_lk_max_locks 30000
# olcDbConfig: {5}set_lk_max_objects 30000
Delete the above 'olcDbConfig' lines. Those were for back-bdb/hdb, which doesn't exist in 2.5+.
--On Tuesday, February 7, 2023 4:27 PM -0500 Matthew Goebel mgoebel@emich.edu wrote:
I don't have anything on the old server from the actual config files ...
Use slapcat to export the config db in its entirety:
slapcat -n 0 -F /path/to/slapd.d -l /tmp/slapd-conf.ldif
Then redact passwords.
--Quanah
openldap-technical@openldap.org