OpenLDAP 2.4 to 2.6 upgrade

OpenLDAP >= 2.5 drops support for the Berkeley DB based hdb and bdb backends. The database must be migrated to another backend, preferably mdb, before the version upgrade.

The instructions below are for slapd.conf deployments. For slapd-config deployments, export the config database with slapcat, modify the export as required, then import the resulting config database.

Upstream documentation: Upgrading from 2.4.x

Backup database and configuration

BASH
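# Stop slapd so the dump and the copied data directory are consistent
/etc/init.d/slapd stop
cp -a /etc/openldap /etc/openldap-2.4
# The LDIF dump contains every attribute, including userPassword hashes
slapcat -f /etc/openldap/slapd.conf > /var/backups/openldap/slapcat-2.4.ldif
# Keep the old hdb data directory aside as a fallback
mv /var/lib/openldap-data /var/lib/openldap-data-2.4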

Migrate to mdb backend

Replace backend module and set database type:

FILE:/etc/openldap/slapd.conf
...
# moduleload  back_hdb.so
moduleload  back_mdb.so
...
database       mdb
...

Restore database and convert config to directory format (in that order):

BASH
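mkdir /var/lib/openldap-data
chmod --reference /var/lib/openldap-data-2.4 /var/lib/openldap-data
slapadd -f /etc/openldap/slapd.conf -l /var/backups/openldap/slapcat-2.4.ldif
# Take ownership from the old data directory: the new directory and the files
# written by slapadd were created by root
chown -R --reference /var/lib/openldap-data-2.4 /var/lib/openldap-data
cp -a /var/lib/openldap-data-2.4/.keep_* /var/lib/openldap-data/

# Regenerate the directory-format config from slapd.conf
rm -r /etc/openldap/slapd.d/*
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d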

/etc/init.d/slapd start

Verify that LDAP-dependent services work as they did before the migration; they should.

Upgrade to 2.6

Before upgrade:

BASH
emerge -1av openldap
dispatch-conf

Remove the ppolicy schema include; the schema is now implemented internally by the ppolicy overlay:

FILE:/etc/openldap/slapd.conf
...
#include    /etc/openldap/schema/ppolicy.schema
...

Rebuild the directory-format config once more:

BASH
rm -r /etc/openldap/slapd.d/*
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
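
A pre-upgrade check for the slapd.conf changes described on this page, as an added example that is not part of the original instructions: it reports any uncommented hdb/bdb backend, Berkeley DB backend module, or ppolicy.schema include that is still present. The function names check_slapd_conf and sample_conf are hypothetical, and the sample config is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: scan a slapd.conf for settings that block the 2.4 -> 2.6 upgrade.
# Prints one finding per line; status 0 = clean, 1 = blockers found, 2 = unreadable.
check_slapd_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '
        /^[ \t]*#/ { next }                      # commented-out directives are fine
        { line = tolower($0) }                   # directives are case-insensitive
        line ~ /^[ \t]*database[ \t]+(hdb|bdb)([ \t]|$)/ {
            printf "%d: Berkeley DB backend still configured: %s\n", NR, $2; bad = 1 }
        line ~ /^[ \t]*moduleload[ \t]+back_(hdb|bdb)/ {
            printf "%d: Berkeley DB backend module still loaded: %s\n", NR, $2; bad = 1 }
        line ~ /^[ \t]*include[ \t]+.*ppolicy\.schema/ {
            printf "%d: ppolicy.schema include must be removed for 2.6\n", NR; bad = 1 }
        END { exit (bad ? 1 : 0) }
    ' "$conf"
}

# Constructed sample: a 2.4-era config that has not been migrated yet.
sample_conf() {
    cat <<'EOF'
include     /etc/openldap/schema/core.schema
include     /etc/openldap/schema/ppolicy.schema
moduleload  back_hdb.so
# moduleload  back_mdb.so
database    hdb
suffix      "dc=example,dc=org"
directory   /var/lib/openldap-data
EOF
}

# Demonstration on the constructed sample; on a real host, call
# check_slapd_conf /etc/openldap/slapd.conf before running emerge.
tmp=$(mktemp) && sample_conf > "$tmp"
check_slapd_conf "$tmp" || echo "blockers found (status $?)"
rm -f "$tmp"
```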