Re: Migrating from slapd 2.3 to 2.4

[Nick Milas <nick@eurobjects.com>]

On 21/5/2012 7:44 ÎÎ, Nick Milas wrote:

> Are you sure? Mine were migrated fine.
>
> They lie in the {0}config (i.e. in the config root) branch.

Sorry, they lie in the config branch, not in the {0}config branch.

Here is my config root branch:

DN: cn=config
objectClass: olcGlobal
cn: config
olcAllows: bind_v2
olcArgsFile: /usr/local/openldap/var/run/slapd.args
olcAttributeOptions: lang-
olcAuthzPolicy: none
olcConcurrency: 0
olcConfigDir: slapd.d
olcConfigFile: slapd.conf
olcConnMaxPending: 100
olcConnMaxPendingAuth: 1000
olcGentleHUP: FALSE
olcIdleTimeout: 0
olcIndexIntLen: 4
olcIndexSubstrAnyLen: 4
olcIndexSubstrAnyStep: 2
olcIndexSubstrIfMaxLen: 4
olcIndexSubstrIfMinLen: 2
olcLocalSSF: 71
olcLogLevel: Sync
olcPidFile: /usr/local/openldap/var/run/slapd.pid
olcReadOnly: FALSE
olcSaslSecProps: noplain,noanonymous
olcSizeLimit: unlimited
olcSockbufMaxIncoming: 262143
olcSockbufMaxIncomingAuth: 16777215
olcThreads: 16
olcTimeLimit: unlimited
olcTLSCACertificateFile: /usr/local/openldap/etc/openldap/certs/chain.pem
olcTLSCertificateFile: /usr/local/openldap/etc/openldap/certs/cert.pem
olcTLSCertificateKeyFile: /usr/local/openldap/etc/openldap/certs/priv.pem
olcTLSCipherSuite: HIGH:MEDIUM:+SSLv2
olcTLSCRLCheck: none
olcTLSVerifyClient: never
olcToolThreads: 1
olcWriteTimeout: 0

I agree with Quanah on using a non-system LDAP package; of those I have 
worked with, I would propose you try using Symas Silver (excluding 
syncrepl providers - if you cannot afford paid support - otherwise check 
gold), or full-featured LTB project's RPMs (free, with on-line issue 
system). (We use the latter.)

Buchan's RPMs are fine too, but availability is sometimes limited and 
updates slower. There are surely other RPMs and/or SRPMs around.

This way you can upgrade at will and fully control your system.

It'll take you some time in the beginning to setup things fully (since 
non-default system paths are used), but you'll not regret it.

Nick