
I want to completely migrate the whole database with conf, schema (everything) from a very old Debian 4 (etch) instance to a new Debian 11 (bullseye).

The source system is running slapd 2.3.30 and the destination slapd 2.4.57.

I found a few topics on how to do it, for example this one: "How to migrate LDAP to other computer", but this is not working in my case. I got these errors:

> slapcat -n 0 -l schema.backup.ldif
/etc/ldap/slapd.conf: line 183: rootdn is always granted unlimited privileges.
/etc/ldap/slapd.conf: line 193: rootdn is always granted unlimited privileges.
/etc/ldap/slapd.conf: line 202: rootdn is always granted unlimited privileges.
/etc/ldap/slapd.conf: line 231: rootdn is always granted unlimited privileges.

slapcat: could not open database

I also tried variations with the -f switch pointing to /etc/ldap/slapd.conf and the -F switch pointing to the /etc/ldap/ directory, but it does not help.

A backup done with just the -n 1 switch does not import to the new server and fails with an error; this was expected:

> slapadd -l database.ldif
slapadd: line 1: database #1 (dc=localdomain) not configured to hold "dc=system,o=domain,c=com"; no database configured for that naming context
Closing DB...

Anyway, even if it worked, it would be missing the whole configuration and schemas, so this is not what I need.

On the old source system, with the slapd daemon turned off, I managed to dump just this backup:

> slapcat -l backup.ldif

Then I copied it with slapd.conf, the schema files and certificates to the new machine and ran:

slaptest -f slapd.conf -F slapd.d/ -d 256
61264867 slapd.conf: line 150: <replogfile> keyword is obsolete (ignored)
61264867 slapd.conf: line 153: <replica> keyword is obsolete (ignored)
61264867 slapd.conf: line 183: rootdn is always granted unlimited privileges.
61264867 slapd.conf: line 193: rootdn is always granted unlimited privileges.
61264867 slapd.conf: line 202: rootdn is always granted unlimited privileges.
61264867 slapd.conf: line 231: rootdn is always granted unlimited privileges.
61264867 bdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/ldap: (2).
Expect poor performance for suffix "dc=system,o=domain,c=pl".
61264867 bdb_db_open: database "dc=system,o=domain,c=pl": db_open(/var/lib/ldap/id2entry.bdb) failed: No such file or directory (2).
61264867 backend_startup_one (type=bdb, suffix="dc=system,o=domain,c=pl"): bi_db_open failed! (2)
slap_startup failed (test would succeed using the -u switch)

It does not look perfect, but it allowed me to import the backup database:

# slapadd -l backup.ldif
612648c3 bdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/ldap: (2).
Expect poor performance for suffix "dc=system,o=domain,c=com".
-#################### 100.00% eta   none elapsed             21s spd  88.2 k/s
Closing DB...

Which looked nice. Anyway, it's not starting. I tried to debug it with -d 256, but there is nothing interesting in journalctl -xe, just:

slapd[2728]: Starting OpenLDAP: slapd
slapd[2734]:  failed!

I can slapcat that data, but the slapd daemon does not run.

What else could I do? Maybe I did it the wrong way?

Is there any good universal method to migrate a whole OpenLDAP server to a new machine?

Thanks for help :)

mike
  • Could you check the /etc/ldap/slapd.conf file and check the error lines (183, 193, 202, 231)? The slapd is apparently not completely configured and does not accept your import – Dom Aug 25 '21 at 11:31
  • These errors are related to the access sections, and it's only a warning that those ACLs are there, but it does not matter because rootdn always has unlimited privileges. It's an export :) – mike Aug 25 '21 at 11:38

0 Answers