The hardest part of the migration was, without any doubt, the LDAP part. There’s nearly no documentation so here’s a little howto.
First, you have to know that LDAP contains two differents layers. The first one is the « schema », which describes how your data will be put in your LDAP. The second layer are the data themselves. (The reason why LDAP cannot act like MySQL with everything in one place escapes my understanding).
In the good old days, it was rather easy. The schema were a big slapd.conf file. To make it dynamic, the slapd project switched to an slapd.d folder approach. This approach makes things very hard to understand and is nearly not documented at all !
Step 1 : dump your current content
No, you can’t have a slapdump command. Why ? It would be too easy. So do the following :
- sudo /etc/init.d/slapd stop
- sudo slapcat -l /root/ldapdump.raw
- sudo egrep -v ‘^entryCSN:’ < /root/ldapdump.raw > /root/ldapdump
The .raw file is not importable. Your real backup is then the ldapdump file.
Step 2 : Create your schema on your new server
Simply copying the slapd.d folder was not working for me. Fortunatly, I still had the old slapd.conf file and my schema didn’t change since then. How do you do if you don’t have the slapd.conf file ? I’ve no idea but I’m really interested by the answer.
So, assuming you still have the old slapd.conf file :
- sudo mkdir /etc/ldap/slapd.d
- sudo slaptest -f slapd.conf -F slapd.d
- sudo chown -R openldap:openldap slapd.d
Step 3 : import your datas
- sudo slapadd -l /root/ldapdump
- sudo chown openldap:openldap /var/lib/ldap/*
Voilà. sudo /etc/init.d/slapd start and it should work. Hope it was useful.
Vous avez aimé votre lecture ? Soutenez l’auteur sur Tipeee, Patreon, Paypal, Liberapay ou en millibitcoins 34pp7LupBF7rkz797ovgBTbqcLevuze7LF. Même un don symbolique fait toute la différence ! Retrouvons-nous ensuite sur Facebook, Twitter ou Mastodon.
Ce texte est publié sous la licence CC-By BE.