
Re: Changing the DN of an OpenLDAP server

And, when it's time to ditch the old 'DN' altogether, search/replace all instances of the old DN with the new DN on a slapcat output, wipe your DB, and slapadd the new version.

- chris

Chris Jacobs, Systems Administrator
Apollo Group  |  Apollo Marketing | Aptimus
2001 6th Ave Ste 3200 | Seattle, WA 98121
phone: 206.441.9100 x1245 | mobile: 206.601.3256 | fax: 206.441.9661
email: chris.jacobs@apollogrp.edu

----- Original Message -----
From: openldap-technical-bounces@OpenLDAP.org <openldap-technical-bounces@OpenLDAP.org>
To: Troy Telford <ttelford.groups@gmail.com>
Cc: openldap-technical@openldap.org <openldap-technical@openldap.org>
Sent: Sat Jul 17 07:41:42 2010
Subject: Re: Changing the DN of an OpenLDAP server

> I've recently needed to change my domain name.
> My OpenLDAP server is currently set to use "dc=master,dc=some,dc=com"
> And I need to change it to "dc=master,dc=other,dc=com"
> Obviously, the clients will need to be updated as well, but I need to
> start with the server.
> I haven't been too successful in finding how to do this; I suspect I'm
> just using the wrong search terms.  Where can I find the documentation
> that explains how to do this?

Not sure what you mean by "changing the DN"; do you already have a
configured database with the old suffix, and you want to change it to
something else?  If the database is empty, you only need to change it (if
you use slapd.conf edit it and change the "suffix" statement and any
related statement, e.g. rootdn and ACLs; if you use back-config modify the
olcSuffix and related statements using e.g. ldapmodify).

If it contains data, you'll need to export data with slapcat, then edit
the resulting LDIF to reflect the change, then reconfigure slapd like in
the above case, and finally reload the modified data.

A "safe" interim approach would be to leave the database with the old
suffix in place, and use an instance of back-relay to produce a virtual
view of the old database with the new suffix, so that old and new
applications can coexist with consistent data.
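
The "edit the resulting LDIF" step discussed in this thread, as an added example that is not from either poster or from the OpenLDAP project. It goes beyond a plain search/replace by handling folded lines and base64 (`::`) values in slapcat output; the function names and the sample LDIF are constructed for illustration, and the suffix is assumed to contain no escaped commas.

```python
import base64
import re

OLD = "dc=master,dc=some,dc=com"    # suffixes named in the thread
NEW = "dc=master,dc=other,dc=com"

def suffix_pattern(old):
    """Match `old` only at the end of a value and on an RDN boundary, ignoring
    case and spaces around ',' and '='. Assumes no escaped commas in `old`."""
    rdns = [r"\s*=\s*".join(re.escape(p.strip()) for p in rdn.split("=", 1))
            for rdn in old.split(",")]
    return re.compile(r"(^|(?<!\\),)\s*" + r"\s*,\s*".join(rdns) + r"\s*\Z", re.I)

def rewrite_ldif(text, old=OLD, new=NEW):
    """Return (rewritten LDIF, list of values that still mention `old`)."""
    pat = suffix_pattern(old)
    # RFC 2849 folding: a continuation line starts with exactly one space.
    unfolded = re.sub(r"\r?\n ", "", text)
    out, leftovers = [], []
    for line in unfolded.splitlines():
        m = re.match(r"([A-Za-z0-9;.-]+)(::?)[ ]*(.*)\Z", line)
        if not m:                       # blank entry separator or comment
            out.append(line)
            continue
        attr, sep, raw = m.groups()
        try:                            # "::" marks a base64-encoded value
            value = base64.b64decode(raw).decode("utf-8") if sep == "::" else raw
        except (ValueError, UnicodeDecodeError):
            out.append(line)            # binary value such as a photo: keep as is
            continue
        value = pat.sub(lambda hit: hit.group(1) + new, value)
        if old.lower() in value.lower():
            leftovers.append((attr, value))   # old DN not at the end: review by hand
        if sep == "::":
            value = base64.b64encode(value.encode("utf-8")).decode("ascii")
        out.append(f"{attr}{sep} {value}")
    return "\n".join(out) + "\n", leftovers

# Constructed sample, not real slapcat output: folded DN, base64 DN-valued
# attribute, a look-alike suffix, and a URL that embeds the old DN.
SAMPLE = (
    "dn: uid=alice,ou=People,dc=master,dc=so\n me,dc=com\n"
    "uid: alice\n"
    "manager:: " + base64.b64encode("cn=Zo\u00eb,DC=Master, dc=some,dc=com".encode()).decode() + "\n"
    "seeAlso: cn=x,adc=master,dc=some,dc=com\n"
    "labeledURI: ldap:///dc=master,dc=some,dc=com??sub\n"
)

if __name__ == "__main__":
    print(*rewrite_ldif(SAMPLE), sep="\n")
```

Anything returned in the second list still contains the old DN and needs a manual decision before slapadd. The suffix, rootdn and ACL statements in the slapd configuration are separate from the data and still have to be changed as described above.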

