Buchan,
The power of virtual environments: I rolled back to my pre-2.4 upgrade snapshot and went through this again. The steps I followed (for anyone's reference) are:
    service ldap stop
    slapcat -f /etc/openldap/slapd.conf -b "dc=ldn,dc=sw,dc=com" -l /export/home/stuart/full_msldap01.ldif
Managed to
    rpm -ev openldap-servers-overlays-2.3.43-3.el5 openldap-clients-2.3.43-3.el5 openldap-servers-2.3.43-3.el5
Had to leave openldap-2.3.43-3.el5 32&64-bit versions as they're in too deep.
Removed the empty /usr/lib64/openldap directory which held 2.3 schemas, and
    mv /var/lib/ldap /var/lib/ldap.23
    mv /etc/openldap /etc/openldap.23
Installed the 2.4 packages:
    rpm -ivh lib64ldap2.4_2-2.4.22-1.el5.x86_64.rpm \
        openldap2.4-2.4.22-1.el5.x86_64.rpm \
        libldap2.4_2-2.4.22-1.el5.i386.rpm \
        openldap2.4-2.4.22-1.el5.i386.rpm \
        openldap2.4-clients-2.4.22-1.el5.x86_64.rpm \
        openldap2.4-servers-2.4.22-1.el5.x86_64.rpm \
        unixODBC-2.2.11-7.1.x86_64.rpm \
        openldap2.4-extra-schemas-1.3-10.el5.noarch.rpm \
        openldap2.4-servers-2.4.22-1.el5.x86_64.rpm
Then
    vi /etc/openldap2.4/slapd.conf /etc/openldap2.4/slapd.access.conf
and removed unrequired schemas and samba references.
Imported data with
    slapadd2.4 -f /etc/openldap2.4/slapd.conf -l /export/home/stuart/full_msldap01.ldif
service ldap2.4 check - OK
service ldap2.4 start - OK
All works and I can login against this LDAP server.
Now - Onto attempting use of slapo-memberof overlay, as mentioned by Quanah.
Thanks guys, I'm sure I'll be back with more questions.
Stuart.
> From: bgmilne@staff.telkomsa.net
> To: stuart_cherrington@hotmail.co.uk
> Subject: Re: OpenLDAP bespoke schema to use 'ismemberof' to restrict user access to hosts
> Date: Wed, 5 May 2010 10:47:38 +0100
> CC: sjain@silverspringnet.com; openldap-technical@openldap.org
>
> On Wednesday, 5 May 2010 09:54:34 Stuart Cherrington wrote:
> > Buchan,
> >
> > Thanks for these, I saw your email yesterday in reply to another thread so
> > took them then :-)
> >
> > I've started an upgrade process by doing the following:
> >
> > shutdown ldap
> > slapcat -f /etc/openldap/slapd.conf -b
> > "dc=ldn,dc=sw,dc=com" -l /export/home/stuart/full_msldap01.ldif
> > removed all files from /var/lib/ldap except DB_CONFIG file.
>
> I would rather keep them, and use a version-specific directory path in the
> slapd.conf.
>
> > I couldn't remove the ldap 2.3 version packages as their dependencies are
> > mad,
>
> No, most likely you have some packages that depend on libldap-2.3.so.0 (have
> been linked to it). This is precisely the reason I make the packages install
> in parallel.
>
> > so left them in place and did an Install of the 2.4 packages.
> > lib64ldap2.4_2-2.4.22-1.el5.x86_64.rpm,
> > openldap2.4-2.4.22-1.el5.x86_64.rpm, libldap2.4_2-2.4.22-1.el5.i386.rpm,
> > openldap2.4-2.4.22-1.el5.i386.rpm,
> > openldap2.4-clients-2.4.22-1.el5.x86_64.rpm,
> > openldap2.4-servers-2.4.22-1.el5.x86_64.rpm,
> > unixODBC-2.2.11-7.1.x86_64.rpm,
> > openldap2.4-extra-schemas-1.3-10.el5.noarch.rpm,
> > openldap2.4-servers-2.4.22-1.el5.x86_64.rpm. updated the
> > /etc/openldap2.4/slapd.conf and slapd.access.conf files to remove unwanted
> > references to SAMBA, change domain, passwd etc. Ran the service ldap check
> > until it was OK.
> > Trying to re-load the ldif gave me some errors though:
> >
> > slapadd -f /etc/openldap2.4/slapd.conf -l
> > /export/home/stuart/full_msldap01.ldif
> > /usr/share/openldap2.4/schema/core.schema:
> > line 100: AttributeType inappropriate SUPerior: "c"
>
> Did you over-write schema files from 2.4 with files from your 2.3 installation?
> The 2.4 schema file has the attribute c on line 100 commented out, as it is
> most likely built-in.
>
> > I found this line and decided to hash it out but then it failed on another
> > Country attribute and another then another in cosine.schema, so have
> > stopped hashing and started typing.
> >
> > Any reason why this would fail to like the 'c' AttributeType?
>
> Depends what you did to the schema files.
>
> $ rpm -Va openldap2.4-servers
>
> should not show any schema files having been modified ....
>
>
> Regards,
> Buchan