
OpenLDAP migration from 2.3 to 2.4



Hi All,

I'm currently in the process of moving from v2.3 to 2.4 and have been
following the procedure shown in the documentation for switching from the
old slapd.conf to the new cn=config format, i.e. slaptest -f <path> -F <path> .

If I copy over slapd.conf from my old server and run slapd -d 256 , it
starts perfectly and answers queries, etc.  If, on the other hand, I run
the slaptest command shown above I get the following:

<= str2entry(cn={1}core) -> 0x7fda53d38798
=> access_allowed: search access to "cn={1}core,cn=schema,cn=config"
"objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
olcAttributeTypes: value #0 olcAttributeTypes: Duplicate attributeType:
"2.5.4.2"
config error processing cn={1}core,cn=schema,cn=config: olcAttributeTypes:
Duplicate attributeType: "2.5.4.2"
send_ldap_result: conn=-1 op=0 p=0
send_ldap_result: err=80 matched="" text=""
slapd destroy: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.


I've been around Google and have found no solutions.  My slapd.conf is
years old and was made according to the smbldap tutorial originally
written by IDEALX. The file is shown below and any info is welcome.

Thanks,

Julian


####slapd.conf ####

# Schema definitions loaded at startup, in the order listed. core.schema
# appears exactly once in this list.
# NOTE(review): the reported 'Duplicate attributeType: "2.5.4.2"' is raised
# while processing cn={1}core,cn=schema,cn=config, so the second definition
# presumably comes from somewhere other than these include lines (for example
# an output directory that already holds a cn=schema tree) -- confirm before
# editing the schema files themselves.
include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/nis.schema
include		/etc/openldap/schema/samba.schema

# Single bdb-backed database serving the suffix below; its data files live in
# /var/lib/ldap.
database	bdb
directory	/var/lib/ldap
suffix		"dc=bordengrammar,dc=kent,dc=sch,dc=uk"
# slapd does not apply "access to" directives to the rootdn, so this identity
# can read and write every entry under the suffix regardless of the ACLs in
# this file.
rootdn		"cn=Administrator,dc=bordengrammar,dc=kent,dc=sch,dc=uk"
# sizelimit: maximum number of entries returned for one search.
# idletimeout: seconds after which an idle client connection is closed.
sizelimit 	10000
idletimeout	3700


# Hash redacted by the poster. The conversion carries this value into the
# generated configuration directory (as olcRootPW), so that directory needs
# the same file protection as slapd.conf.
rootpw		{SSHA}<removed>

# Attribute indexes maintained by the backend
# (eq = equality, pres = presence, sub = substring, subinitial = leading substring).
index		objectClass,uidNumber,gidNumber			eq
index		cn,sn,uid,displayName				pres,sub,eq
index		memberUid,mail,givenname			eq,subinitial
index		sambaSID,sambaPrimaryGroupSID,sambaDomainName	eq

# NOTE(review): both TLS directives are commented out, so this file gives
# slapd no certificate. Unless transport protection is supplied some other
# way, the simple binds allowed by "by anonymous auth" below carry passwords
# in clear text -- confirm how clients connect before migrating.
# TLSCertificateFile /etc/openldap/cacerts/ldap.cert
# TLSCertificateKeyFile /etc/openldap/cacerts/ldap.key


# Password attributes: the entry's owner may change them, unauthenticated
# clients may use them only to bind (auth), and everyone else gets no access.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
	by self write
	by anonymous auth
	by * none
# Catch-all: every other attribute of every entry is readable by anyone,
# including anonymous clients. slapd stops at the first "access to" whose
# target matches, and "*" matches everything, so a directive placed after
# this one is never evaluated.
access to *
	by * read

# NOTE(review): every directive from here to the end of the file comes after
# the earlier "access to *" / "by * read" rule. slapd applies the first
# "access to" whose target matches, so none of the rules below is reached:
# the write grants for the cn=samba, cn=smbldap-tools and cn=nssldap accounts
# have no effect, and attributes such as sambaPwdLastSet, sambaPwdMustChange
# and sambaPasswordHistory remain readable by everyone. For these rules to
# take effect they would have to precede the catch-all, most specific first --
# review the ordering before carrying this ACL set over to cn=config.
# NOTE(review): each "access to" below is followed by an "attrs=" list that
# starts in column 0; slapd.conf only continues a line that begins with
# whitespace, so this is presumably mail-client wrapping -- confirm against
# the file on disk.

# Intended rule: password and password-age attributes writable by the three
# service accounts and by the owner; bind-only for anonymous clients.
access to
attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdMustChange
	by dn="cn=samba,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
	by dn="cn=smbldap-tools,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
	by dn="cn=nssldap,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
	by self write
	by anonymous auth
	by * none
# Intended rule: account-identity attributes writable by cn=samba and
# cn=smbldap-tools only, readable by everyone else.
access to
attrs=objectClass,entry,homeDirectory,uid,uidNumber,gidNumber,memberUid
	by dn="cn=samba,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
	by dn="cn=smbldap-tools,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
	by * read
# Intended rule: descriptive attributes additionally writable by the owner.
access to
attrs=description,telephoneNumber,roomNumber,homePhone,loginShell,gecos,cn,sn,givenname
	by dn="cn=samba,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
	by dn="cn=smbldap-tools,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
	by self write
	by * read
# Intended rule: Samba account attributes, owner-writable and readable by
# everyone. The list names sambaLMPassword, sambaNTPassword and
# sambaPasswordHistory together with "by * read"; the two password hashes are
# already claimed by the first directive in the file, the history attribute
# is not.
access to
attrs=cn,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaLogonTime,sambaLogoffTime,sambaKickoffTime,sambaPwdCanChange,sambaPwdMustChange,sambaAcctFlags,displayName,sambaHomePath,sambaHomeDrive,sambaLogonScript,sambaProfilePath,description,sambaUserWorkstations,sambaPrimaryGroupSID,sambaDomainName,sambaMungedDial,sambaBadPasswordCount,sambaBadPasswordTime,sambaPasswordHistory,sambaLogonHours,sambaSID,sambaSIDList,sambaTrustFlags,sambaGroupType,sambaNextRid,sambaNextGroupRid,sambaNextUserRid,sambaAlgorithmicRidBase,sambaShareName,sambaOptionName,sambaBoolOption,sambaIntegerOption,sambaStringOption,sambaStringListoption
	by dn="cn=samba,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
	by dn="cn=smbldap-tools,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
	by self write
	by * read
# Intended rules: the suffix entry and the Users, Groups and Computers
# containers writable by cn=samba and cn=smbldap-tools, closed to everyone
# else.
access to dn.base="dc=bordengrammar,dc=kent,dc=sch,dc=uk"
	by dn="cn=samba,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
	by dn="cn=smbldap-tools,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
	by * none
access to dn="ou=Users,dc=bordengrammar,dc=kent,dc=sch,dc=uk"
	by dn="cn=samba,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
	by dn="cn=smbldap-tools,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
	by * none
access to dn="ou=Groups,dc=bordengrammar,dc=kent,dc=sch,dc=uk"
	by dn="cn=samba,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
	by dn="cn=smbldap-tools,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
	by * none
access to dn="ou=Computers,dc=bordengrammar,dc=kent,dc=sch,dc=uk"
	by dn="cn=samba,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
	by dn="cn=smbldap-tools,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
	by * none
# Intended default: read access for cn=slapmaster and for each entry's owner,
# nothing for anyone else. This is the restrictive default the file ends
# with, but the permissive "access to *" earlier in the file is the one
# that applies.
access to *
	by dn="cn=slapmaster,ou=Users,dc=bordengrammar,dc=kent,dc=sch,dc=uk" read
	by self read
	by * none