February 18, 2012

OpenLDAP after upgrading debian


Long story short: my friend upgraded his debian server, and asked me to help him upgrading OpenLDAP (slapd), because it didn't start. Not that I was a big expert of slapd - on the contrary - but I was the one who configured it for the first time, maybe I could make it fly again.

Started restarting slapd (/etc/init.d/slapd restart), no success. Let's read the logs. Syslog entry:

bdb(dc=future,dc=neologik,dc=hu): Program version 4.8 doesn't match environment version 0.66

OK, let's Google. Found a couple of posts of I need to upgrade the database (quite funny, the "environment version" refers to the database version, duh?), but all the dbX.X_upgrade tools said the same as slapd, about the not matching versions.

OK, let's Google, round 2. Finally found a post(1) talking about bumping into the same issues, and found no other solution than re-importing the LDAP data from an .ldif file. Fortunately, the good guys at debian made the upgrade script so it creates a backup .ldif file in /var/backups.

So, I've purged slapd to have a clean start, reconfigured the domain and the admin password (not going into the details, if you are reading this post, you know how to install/purge a package in debian ;) and tried to run:
ldapadd -h localhost -x -W -D "cn=admin,dc=example,dc=com" -c -f backup.ldif

Asked me for the admin password, gave it, then it said a couple times:

adding new entry "dc=host,dc=example,dc=com"
ldap_add: Constraint violation (19)
additional info: structuralObjectClass: no user modification allowed

What the heck? OK, Google.... finally found a post(2) explaining that certain entries must be removed from the ldif file before import. Thanks to the poster, there's even a command provided I didn't have to spend time with search & replace:

$ cat > ldapadd.sed <<EOF
/^creatorsName:/d
/^createTimestamp:/d
/^modifiersName:/d
/^modifyTimestamp:/d
/^structuralObjectClass:/d
/^entryUUID:/d
/^entryCSN:/d
EOF

$ cat backup.ldif | sed -f ldapadd.sed > bacon.ldif

After this, running ldapadd with bacon.ldif instead of backup.ldif did the trick and imported all the entries into LDAP.

ldapadd -h localhost -x -W -D "cn=admin,dc=example,dc=com" -c -f bacon.ldif

Thanks to the authors of the original posts, and the authors of debian and OpenLDAP.


Links:


3 comments: