I want to completely migrate the whole database with conf, schema (everything) from a very old Debian 4 (etch) instance to a new Debian 11 (bullseye).
The source system is running slapd 2.3.30 and the destination slapd 2.4.57.
I found a few topics on how to do it, for example this one: How to migrate LDAP to other computer
but this is not working in my case. I got these errors:
> slapcat -n 0 -l schema.backup.ldif
/etc/ldap/slapd.conf: line 183: rootdn is always granted unlimited privileges.
/etc/ldap/slapd.conf: line 193: rootdn is always granted unlimited privileges.
/etc/ldap/slapd.conf: line 202: rootdn is always granted unlimited privileges.
/etc/ldap/slapd.conf: line 231: rootdn is always granted unlimited privileges.
slapcat: could not open database
I also tried variations with the -f switch pointing to /etc/ldap/slapd.conf and the -F switch pointing to the /etc/ldap/ directory, but it does not help.
A backup done with just the -n 1 switch does not import into the new server; it fails with this error, which was expected:
> slapadd -l database.ldif
slapadd: line 1: database #1 (dc=localdomain) not configured to hold "dc=system,o=domain,c=com"; no database configured for that naming context
Closind DB...
Anyway, even if it worked, it would be missing the whole configuration and schemas, so this is not what I need.
With the slapd daemon turned off on the old source system, I managed to dump just this backup:
> slapcat -l backup.ldif
Then I copied it with slapd.conf, the schema files and certificates to the new machine and ran:
slaptest -f slapd.conf -F slapd.d/ -d 256
61264867 slapd.conf: line 150: <replogfile> keyword is obsolete (ignored)
61264867 slapd.conf: line 153: <replica> keyword is obsolete (ignored)
61264867 slapd.conf: line 183: rootdn is always granted unlimited privileges.
61264867 slapd.conf: line 193: rootdn is always granted unlimited privileges.
61264867 slapd.conf: line 202: rootdn is always granted unlimited privileges.
61264867 slapd.conf: line 231: rootdn is always granted unlimited privileges.
61264867 bdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/ldap: (2).
Expect poor performance for suffix "dc=system,o=domain,c=pl".
61264867 bdb_db_open: database "dc=system,o=domain,c=pl": db_open(/var/lib/ldap/id2entry.bdb) failed: No such file or directory (2).
61264867 backend_startup_one (type=bdb, suffix="dc=system,o=domain,c=pl"): bi_db_open failed! (2)
slap_startup failed (test would succeed using the -u switch)
It does not look perfect, but it allowed me to import the backup database:
# slapadd -l backup.ldif
612648c3 bdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/ldap: (2).
Expect poor performance for suffix "dc=system,o=domain,c=com".
-#################### 100.00% eta none elapsed 21s spd 88.2 k/s
Closing DB...
Which looked nice. Anyway, it's not starting. I tried to debug it with -d 256, but there is nothing interesting in journalctl -xe, just:
slapd[2728]: Starting OpenLDAP: slapd
slapd[2734]: failed!
I can slapcat that data, but the slapd daemon does not run.
What else could I do? Maybe I did it the wrong way?
Is there any universal, good method to migrate a whole OpenLDAP server to a new machine?
Thanks for help :)
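
Added example (not part of the original post): a pre-import check for the slapadd "not configured to hold ... no database configured for that naming context" error quoted above. It compares every DN in an LDIF dump against the `suffix` directives of a slapd.conf. The function names and the sample data are constructed for illustration, and DN comparison is simplified (no escaped commas).

```python
import base64
import re

def normalize_dn(dn):
    # Simplified comparison form: lowercase, no spaces around commas.
    # Assumes no escaped commas inside RDN values.
    return ",".join(p.strip().lower() for p in dn.split(","))

def configured_suffixes(conf_text):
    # slapd.conf directives start in column 0; each database has "suffix <dn>".
    found = []
    for line in conf_text.splitlines():
        m = re.match(r'suffix\s+(.+)', line, re.IGNORECASE)
        if m:
            found.append(normalize_dn(m.group(1).strip().strip('"')))
    return found

def ldif_dns(ldif_text):
    # LDIF folds long lines: a continuation line starts with one space.
    unfolded = re.sub(r'\r?\n ', '', ldif_text)
    for line in unfolded.splitlines():
        if line.startswith('dn::'):      # base64-encoded DN
            yield normalize_dn(base64.b64decode(line[4:].strip()).decode('utf-8'))
        elif line.startswith('dn:'):
            yield normalize_dn(line[3:].strip())

def unplaced_entries(conf_text, ldif_text):
    # DNs that no configured database suffix can hold.
    suffixes = configured_suffixes(conf_text)
    return [dn for dn in ldif_dns(ldif_text)
            if not any(dn == s or dn.endswith(',' + s) for s in suffixes)]

# Constructed sample data (not taken from the poster's real files).
SAMPLE_CONF_DEFAULT = 'database bdb\nsuffix "dc=localdomain"\n'
SAMPLE_CONF_COPIED = '# copied config\ndatabase bdb\nsuffix\t"dc=system,o=domain,c=com"\n'
SAMPLE_LDIF = (
    'dn: dc=system,o=domain,c=com\nobjectClass: dcObject\n\n'
    'dn: uid=alice,ou=People,dc=system,o=do\n main,c=com\nuid: alice\n\n'
    'dn:: ' + base64.b64encode(b'ou=Groups,dc=system,o=domain,c=com').decode()
    + '\nou: Groups\n'
)

if __name__ == '__main__':
    for name, conf in (('default', SAMPLE_CONF_DEFAULT), ('copied', SAMPLE_CONF_COPIED)):
        missing = unplaced_entries(conf, SAMPLE_LDIF)
        print(name, 'config:', len(missing), 'entries without a matching suffix')
```

An empty result from `unplaced_entries` means every entry in the dump falls under a suffix that the given configuration declares.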