[Date Prev][Date Next] [Chronological] [Thread] [Top]

Migration from openldap 2.4.20 to 2.4.33



Hi

We are planing migration from openldap 2.4.20 (with bdb 4.8) to openldap 2.4.33 (bdb 5.1.29)

No of  users are 4 million and about to go live within next 10 days.

We are using flat file for configuration in use.

Below is my slapd.conf and DB_CONFIG files

include        /apps/openldap/etc/openldap/schema/core.schema
include        /apps/openldap/etc/openldap/schema/cosine.schema
include        /apps/openldap/etc/openldap/schema/nis.schema
include        /apps/openldap/etc/openldap/schema/inetorgperson.schema
include        /apps/openldap/etc/openldap/schema/openldap.schema
include        /apps/openldap/etc/openldap/schema/dyngroup.schema
include        /apps/openldap/etc/openldap/schema/ppolicy.schema
include        /apps/openldap/etc/openldap/schema/channelIdentifier.schema
include        /apps/openldap/etc/openldap/schema/platform.schema
include        /apps/openldap/etc/openldap/schema/extendedProfileKey.schema
include        /apps/openldap/etc/openldap/schema/extendedProfileValue.schema
include        /apps/openldap/etc/openldap/schema/behaviorKey.schema
include        /apps/openldap/etc/openldap/schema/behaviorValue.schema
include        /apps/openldap/etc/openldap/schema/questionAnswer.schema
include        /apps/openldap/etc/openldap/schema/extendedTop.schema
include        /apps/openldap/etc/openldap/schema/counter.schema



pidfile        /apps/openldap/var/run/slapd.pid
argsfile    /apps/openldap/var/run/slapd.args


logfile /apps/logs/ldap
loglevel 16640


database    bdb
suffix        "dc=ibm,dc=com"


access to attrs=userPassword
      by self     write
      by anonymous auth
      by * break          
                 
access to *
    by group/groupOfUniqueNames/uniqueMember.exact="cn=VWrite,ou=businessUsersGroup,dc=ibm,dc=com" manage
    by group/groupOfUniqueNames/uniqueMember.exact="cn=VRead,ou=businessUsersGroup,dc=ibm,dc=com" read
    by * break

access to *
      by self       write
      by anonymous  auth
      by *          read    


rootdn        "cn=Manager,dc=ibm,dc=com"

rootpw  {SSHA}dXDFSQeFjSoa/A1HfJ3TAzYf8

##################  SSL  ##########################################
#
#TLSVerifyClient         allow
TLSCipherSuite HIGH:MEDIUM:+SSLv3
TLSCACertificateFile /apps/openldap/etc/openldap/cacerts/nascarcacert.pem
TLSCertificateFile /apps/openldap/etc/openldap/cacerts/sj.crt
TLSCertificateKeyFile /apps/openldap/etc/openldap/cacerts/sj.key
#

index entryCSN eq
index entryUUID eq
index mail,uid,postalCode,smail,channelType,channelValue,answer,behavName,objectclass,tokenID,type eq
index givenName,sn,city,question,behavValue,cn,extName sub
index displayName approx

overlay syncprov
syncprov-checkpoint 100 10  
syncprov-sessionlog 100

serverid        3

syncrepl        rid=111
                provider=ldap://mmprod04
                binddn="cn=Manager,dc=ibm,dc=com"
                bindmethod=simple
                starttls=yes
                tls_reqcert=allow
        credentials=G00gle#
                searchbase="dc=ibm,dc=com"
                type=refreshAndPersist
                retry="5 5 300 +"
                interval=00:00:00:10

syncrepl        rid=222
                provider=ldap://mmprod05
                binddn="cn=Manager,dc=ibm,dc=com"
                bindmethod=simple
                starttls=yes
                tls_reqcert=allow
        credentials=G00gle#
                searchbase="dc=idm,dc=com"
                type=refreshAndPersist
                retry="5 5 300 +"
                interval=00:00:00:10

mirrormode TRUE

cachesize 100000
idlcachesize 300000
lastmod         on
checkpoint 128 15
concurrency 100

directory    /apps/openldap/var/openldap-data

overlay unique
unique_attributes mail

overlay ppolicy
ppolicy_default "cn=default,ou=pwdPolicy,dc=idm,dc=com"

ppolicy_use_lockout

DB_CONFIG

set_cachesize   0       4294967295      0
set_lg_regionmax        2048576
set_lg_max              20485760
set_lg_bsize            2097152
set_lk_max_locks 10000
set_lk_max_objects 5000
set_lk_max_lockers 5000


My querries are:-

1. What should be taken care(Best Practices).
2. Data migration can be db_hotbackup will work?
3. Can same flat file method be used, if not what could be the way should work out.

4. any thing else i should be aware and is critical.
--

Thanks&Regards
Anil Beniwal