Migrating from Debian Jessie (openldap 2.4.40) to Debian Buster (openldap 2.4.47), I came across a few bumps but the last one is just baffling.
First issue: ldapsearch does not return all attributes by default - you have to list them explicitly:
ldapsearch -Y EXTERNAL -H ldapi:/// -b "ou=contacts,<BASE>" -LLL -o ldif-wrap=no "*" \
givenName sn cn mail telephoneNumber mail mobile facsimileTelephoneNumber dn sn title \
o l postalAddress postalCode pager homePhone homePostalAddress jpegPhoto labeledURI \
description manager businessCategory physicalDeliveryOfficeName objectClass uid \
> 2020-07-15-contacts.ldif
Second issue: it appears that openldap base64 encodes values that contain special characters, so found some Perl-foo to automatically decode those values. Following that, the double colons '::' needed to be replaced with single colons ':', as the value was no longer encoded.
The third and yet unresolved issue is that the generated LDIF contains both the givenName and sn attributes for all entries in the LDIF, but those attributes are not present in the new openldap directory after an ldapadd:
ldapadd -c -Y EXTERNAL -H ldapi:/// -f 2020-07-15-contacts.ldif
The slapd logs show, for each entry in the addressbook:
conn=32243 op=14144 ADD dn="<DN>"
conn=32243 op=14144 RESULT tag=105 err=0 text=
(all other attributes are correctly imported)
