[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Switch OpenLDAP backend database from HDB to MDB

To: "SHarbich@t-online.de" <SHarbich@t-online.de>
Subject: Re: Switch OpenLDAP backend database from HDB to MDB
From: Ryan Tandy <ryan@nardis.ca>
Date: Sat, 12 Jan 2019 11:00:21 -0800
Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Content-disposition: inline
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nardis.ca; s=google; h=date:from:to:cc:subject:message-id:mail-followup-to:references :mime-version:content-disposition:in-reply-to:user-agent; bh=ogMxkx+At0DZO4+XAOtDasHPKqREz7o23k98dlTNEEM=; b=A97uSRAKwFh/uAN2No7DeNtF0raCb3PC1NBMVZ1IWV6Ea8ztqrA0P4zsefSWdEJEsv HZv30eDK6EP3IrjPgK9aUUTVBkekewpvONA4CpjcfYqBOjdm6LvYcZK9m7GQTd69rPEU 1mzlYxTGhT9S7XYsk93wksZtmYk/252mx07HU=
In-reply-to: <1547244813804.3737683.6d87490f4646d239a40b99efde9b11bad43a1ef9@spica.telekom.de>
Mail-followup-to: "SHarbich@t-online.de" <SHarbich@t-online.de>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
References: <1547244813804.3737683.6d87490f4646d239a40b99efde9b11bad43a1ef9@spica.telekom.de>
User-agent: NeoMutt/20170113 (1.7.2)

On Fri, Jan 11, 2019 at 11:13:33PM +0100, SHarbich@t-online.de wrote:

nice slapcat -n 0 > ${BACKUP_PATH}/config.ldif
nice slapcat -n 1 > ${BACKUP_PATH}/meinedomain.local.ldif
cp -rp /var/lib/ldap /var/lib/ldap.bak
cp -rp /etc/ldap/slapd.d /etc/ldap/slapd.d.bak

Modify entries in these two dates with a text editor from hdb to mdb.

You should only need to edit the config ldif. The data shouldn't needany changes.

Note that the database config attributes for hdb and mdb differ a littlebit. For example you should configure olcDbMaxSize for mdb.

Stop the OpenLDAP service
sudo systemctl stop sldap.service

I would personally do that before dumping, just to make sure you don'tmiss any changes :) but slapcat while slapd is running is fine too.

Delete the directories of the LDAP tree
rm -r /var/lib/ldap /etc/ldap/slapd.d

Rebuild the LDAP database
sudo dpkg-reconfigure slapd

In the options select the database MDB and leave everything else as before.

No need to run dpkg-reconfigure. All it does is re-initialize/etc/ldap/slapd.d and /var/lib/ldap with the default contents; but you'dhave to stop slapd and delete those before adding back your own anyway.

Just delete the contents out of those directories, leaving them empty,and with the existing ownership/permissions:


 find /etc/ldap/slapd.d /var/lib/ldap -mindepth 1 -print
 find /etc/ldap/slapd.d /var/lib/ldap -mindepth 1 -delete

then fix up your config LDIF and slapadd everything back.

If there is a mistake in your config and slapadd fails, delete thepartial content out of slapd.d before trying again.

Then restore the LDAP tree.
sudo slapadd -F /etc/ldap/slapd.d -n 0 -l ${BACKUP_PATH}/config.ldif
sudo slapadd -F /etc/ldap/slapd.d -n 1 -l ${BACKUP_PATH}/meinedomain.local.ldif

Correct. Note that the directories /etc/ldap/slap.d and /var/lib/ldapshould be emptied before doing this.


Hope this helps,
Ryan

References:
- Switch OpenLDAP backend database from HDB to MDB
  - From: "SHarbich@t-online.de" <SHarbich@t-online.de>

Prev by Date: Switch OpenLDAP backend database from HDB to MDB
Next by Date: OpenLDAP Proxy - user authentification problem
Index(es):
- Chronological
- Thread