[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: need to recover slapd password and upgrade openldap

To: Aaron Richton <richton@nbcs.rutgers.edu>, dhyatt@wustl.edu
Subject: Re: need to recover slapd password and upgrade openldap
From: Dan Hyatt <dhyatt@dsgmail.wustl.edu>
Date: Tue, 26 Jul 2016 12:15:00 -0500
Cc: openldap-technical@openldap.org
In-reply-to: <alpine.SOC.2.02.1607242203580.12654@toolbox.rutgers.edu>
References: <869b5024-2266-4d85-b66d-ccb9803bd0b6@dsgmail.wustl.edu> <alpine.SOC.2.02.1607242203580.12654@toolbox.rutgers.edu>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0

So, a more simple question...

Can I install a current version of OpenLDAP on a current RedHat/Centosserver (specially built for this purpose.Then use slapcat to export the information from the old server, importit to the new server, where the admin password is not corrupt.

Can I import the schemas or are there likely substantial changes to theschemas across versions?

My goals are to create a new LDAP server running Centos/Redhat, transfer20 users and allow them to keep their existing passwords, allow them toaccess my servers, and allow them authentication to samba.

and create an LDAP slave (or cluster)
not sure if syncrepl is the current way to go.

I have root to the server, but I do not have the admin password to theOpenldap 2.2 as it became corrupted somehow.



On 07/24/2016 09:15 PM, Aaron Richton wrote:

On Fri, 22 Jul 2016, Dan Hyatt wrote:
My admin openLDAP 2.2 password became corrupt in the last week and Icannot
[...]
I found some instructions which seem simple risky and no backoutstrategy. Simply runninghttp://techiezone.rottigni.net/2011/12/change-root-dn-password-on-openldap/
That link (apparently from 2011) doesn't apply to your software from2003. There's no back-config in OpenLDAP 2.2. So don't try that...


@(#) $OpenLDAP: slapd 2.2.13 (Nov 26 2010 07:45:22) $
mockbuild@x86-003.build.bos.redhat.com:/builddir/build/BUILD/openldap-2.2.13/openldap-2.2.13/build-servers/servers/slapd

[...]
Having the LDAP on two separate hyper visors (with local disks) toavoid the storage/authentication chicken/egg
Is there a better upgrade plan
Are you saying that your one and only LDAP server uses itself for itsown A&A?

Authentication and Authorization?

The server provides authentication and authorization for my group. Theserver only does LDAP and home dirs.I want to upgrade it to Centos 6.8 or Centos 7 (that is equal to redhat6.8 or redhat 7) on a hypervisor with a slave running the currentfavored release.

[...]
I have the log files, is there a way to backout to last week withoutthe admin password (which became corrupt last week).
I'm not sure what you're referring to by "log files." The general-caseOpenLDAP backup tool is slapcat(8). Hopefully you have been running itroutinely. The resulting LDIF can be easily inspected; if you haveenough backups, you might even be able to find one without corruption.

We took over responsibility the LDAP in December, there was not a happyhandoff... no documenation..just the password and had to move it to thenew VLAN.

Follow-Ups:
- Re: need to recover slapd password and upgrade openldap
  - From: Aaron Richton <richton@nbcs.rutgers.edu>

References:
- need to recover slapd password and upgrade openldap
  - From: Dan Hyatt <dhyatt@dsgmail.wustl.edu>
- Re: need to recover slapd password and upgrade openldap
  - From: Aaron Richton <richton@nbcs.rutgers.edu>

Prev by Date: Re: sizelimit
Next by Date: Re: sizelimit
Index(es):
- Chronological
- Thread