Gentoo Forums
[solved] openldap and berkeley db backend
slaterson
Guru
Joined: 26 Feb 2003
Posts: 313

Posted: Thu Feb 02, 2023 6:01 pm    Post subject: [solved] openldap and berkeley db backend

when doing a world update today, my openldap server was updated to openldap 2.6.3. with this version of openldap, berkeley db has been removed, which is what my openldap server uses. i found out when i tried to restart slapd on the server after the update and it failed stating the berkdb was not supported. i masked 2.6.3 and emerged 2.4.59, which has berkdb support, started slapd and it works fine with berkeley db. i didn't see any notice about berkeley db not being supported any longer, there are no news articles about it.

i am now searching for ways to migrate to mdb. can't find much of anything. any advice on how to do that? users were not able to log in on my network while all this was happening, pretty destructive change imo.

(edit: fixed typo)


Last edited by slaterson on Sat Feb 11, 2023 8:13 pm; edited 2 times in total

grknight
Retired Dev
Joined: 20 Feb 2015
Posts: 1649

Posted: Thu Feb 02, 2023 6:42 pm

FWIW, there is old code in the ebuild to try to prevent losing access before building.

Looks like it wasn't tested against the removal of this support

slaterson
Guru
Joined: 26 Feb 2003
Posts: 313

Posted: Thu Feb 02, 2023 8:31 pm

grknight wrote:
FWIW, there is old code in the ebuild to try to prevent losing access before building.

Looks like it wasn't tested against the removal of this support


thanks for the info. i made a typo in my previous post (will edit it after this) and should have stated that "i am NOW searching for ways to migrate to mdb"... any tips? if gentoo will no longer support berkeley db for openldap, i need to move off that backend.

grknight
Retired Dev
Joined: 20 Feb 2015
Posts: 1649

Posted: Thu Feb 02, 2023 8:38 pm

slaterson wrote:
grknight wrote:
FWIW, there is old code in the ebuild to try to prevent losing access before building.

Looks like it wasn't tested against the removal of this support


thanks for the info. i made a typo in my previous post (will edit it after this) and should have stated that "i am NOW searching for ways to migrate to mdb"... any tips? if gentoo will no longer support berkeley db for openldap, i need to move off that backend.


Run old version to slapcat out the database. Backup then modify config for MDB. Restart server and slapadd in backup of database of step 1. Note: MDB is in 2.4 as well.

I know very little of OpenLDAP, but I hear this is a common path between versions.

Not sure if you should upgrade at the same time or not.

Edit: These are example upgrade instructions in the ebuild.

Code:
d="$(date -u +%s)"
l="/root/ldapdump.${d}"
i="${l}.raw"
eerror " 1. /etc/init.d/slapd stop"
eerror " 2. slapcat -l ${i}"
eerror " 3. grep -E -v '^(entry|context)CSN:' <${i} >${l}"
eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
eerror " 5. emerge --update \=net-nds/${PF}"
eerror " 6. etc-update, and ensure that you apply the changes"
eerror " 7. slapadd -l ${l}"
eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
eerror " 9. /etc/init.d/slapd start"
eerror "10. check that your data is intact."
eerror "11. set up the new replication system."


This should not be verbatim but give a general direction with the hdb/bdb -> mdb config changes before doing slapadd
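
Steps 3 and 10 of the ebuild procedure quoted above, as an added example that is not part of the original post or of the ebuild: it strips the CSN lines from the raw dump, then compares the DN set of that dump with a fresh slapcat taken from the new MDB database. The function names, the sample LDIF and the file paths in the comments are constructed for illustration, and DNs are compared as plain text.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Uses only grep, awk, sort.

# Step 3 from the ebuild text: drop entryCSN/contextCSN lines from the raw dump.
strip_csn() {  # strip_csn RAW.ldif CLEAN.ldif
    grep -E -v '^(entry|context)CSN:' <"$1" >"$2"
}

# Print every DN in an LDIF file, one per line, sorted.
# LDIF folds long lines: a continuation starts with one space, so unfold first.
ldif_dns() {  # ldif_dns FILE.ldif
    awk '
        /^ /  { buf = buf substr($0, 2); next }   # continuation of previous line
              { if (buf ~ /^dn::? /) print buf; buf = $0 }
        END   { if (buf ~ /^dn::? /) print buf }
    ' "$1" | sort
}

# Step 10: compare the DN set of the pre-migration dump with a slapcat of
# the new database. Returns 0 only if both are non-empty and identical.
same_dns() {  # same_dns OLD.ldif NEW.ldif
    old=$(ldif_dns "$1") new=$(ldif_dns "$2")
    [ -n "$old" ] && [ "$old" = "$new" ]
}

# Constructed sample dump (not real data): CSN lines present, one folded DN.
sample_raw() {
    cat <<'EOF'
dn: dc=example,dc=org
objectClass: domain
dc: example
contextCSN: 20230202180100.000000Z#000000#000#000000
entryCSN: 20230202180100.000000Z#000000#000#000000

dn: uid=alice,ou=people,dc=exam
 ple,dc=org
objectClass: account
uid: alice
entryCSN: 20230202180101.000000Z#000000#000#000000
EOF
}

# Usage on a real host (paths are assumptions):
#   strip_csn /root/ldapdump.raw /root/ldapdump.ldif
#   slapadd -l /root/ldapdump.ldif    # into the MDB-configured server
#   slapcat -l /root/after.ldif
#   same_dns /root/ldapdump.ldif /root/after.ldif && echo "DN sets match"
```

A matching DN set only shows that no entry was dropped or renamed during the import; attribute values still need a spot check.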

slaterson
Guru
Joined: 26 Feb 2003
Posts: 313

Posted: Thu Feb 02, 2023 9:10 pm

this makes perfect sense. will give it a try by exporting my server, importing to another machine to ensure it works, then switching the prod server to mdb provided there are good results.

thanks!

Frautoincnam
Apprentice
Joined: 19 May 2017
Posts: 294

Posted: Mon Feb 06, 2023 7:28 pm

slaterson wrote:
this makes perfect sense. will give it a try by exporting my server, importing to another machine to ensure it works, then switching the prod server to mdb provided there are good results.

thanks!


Hi,

I am in the same situation. Did you achieve a result?
If so, can you give a specific procedure to follow please?

slaterson
Guru
Joined: 26 Feb 2003
Posts: 313

Posted: Mon Feb 06, 2023 9:46 pm

Frautoincnam wrote:
slaterson wrote:
this makes perfect sense. will give it a try by exporting my server, importing to another machine to ensure it works, then switching the prod server to mdb provided there are good results.

thanks!


Hi,

I am in the same situation. Did you achieve a result?
If so, can you give a specific procedure to follow please?


i haven't yet done this on my prod server. i did it on a backup server where ldap was installed. i exported from my prod server (which uses bdb backend), copied the file to the backup server which i configured to use mdb. i then ran the grep on the file from the prod server (as the steps included in the ebuild state) and imported on the backup server. it worked. i'm planning to switch my prod server soon, just need to find time to fix something that isn't broken right now (fixed by me masking openldap > 2.5 when this first came up).

sam_
Developer
Joined: 14 Aug 2020
Posts: 1677

Posted: Wed Feb 08, 2023 1:54 am

grknight wrote:
FWIW, there is old code in the ebuild to try to prevent losing access before building.

Looks like it wasn't tested against the removal of this support


If you notice a defect in an ebuild, please report it on bugs.gentoo.org. Concerns can easily get lost on the forums.

Now, as for addressing this: I'll adjust the ebuild's check for handling berkdb being disabled. Not that I really know much about OpenLDAP either, only done minor bumps after asking maintainers who were around at the time.

sam_
Developer
Joined: 14 Aug 2020
Posts: 1677

Posted: Fri Feb 10, 2023 12:32 am

sam_ wrote:
grknight wrote:
FWIW, there is old code in the ebuild to try to prevent losing access before building.

Looks like it wasn't tested against the removal of this support


If you notice a defect in an ebuild, please report it on bugs.gentoo.org. Concerns can easily get lost on the forums.

Now, as for addressing this: I'll adjust the ebuild's check for handling berkdb being disabled. Not that I really know much about OpenLDAP either, only done minor bumps after asking maintainers who were around at the time.


grknight filed bug 893646 for the remaining issues including the bad example config. robbat2's now fixed up those problems, so we should all be good now, I think.

These commits should help:
Code:

commit bf339dafe9121c8d4bfe8e5eba6d07e7b08127a2
Author: Robin H. Johnson <robbat2@gentoo.org>
Date:   Thu Feb 9 15:47:49 2023 -0800

    net-nds/openldap: tweak upgrade safety checks & default database backend for 2.6

    Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
    Closes: https://bugs.gentoo.org/893646

commit c7a2be13f19326cf632100f8ad8f325c340d5384
Author: Sam James <sam@gentoo.org>
Date:   Wed Feb 8 01:54:30 2023 +0000

    net-nds/openldap: adapt safety check for 2.4->2.6 upgrade

    Drops berkdb.

    See https://forums.gentoo.org/viewtopic-p-8775222.html.

    Signed-off-by: Sam James <sam@gentoo.org>

slaterson
Guru
Joined: 26 Feb 2003
Posts: 313

Posted: Sat Feb 11, 2023 8:13 pm

slaterson wrote:
Frautoincnam wrote:
slaterson wrote:
this makes perfect sense. will give it a try by exporting my server, importing to another machine to ensure it works, then switching the prod server to mdb provided there are good results.

thanks!


Hi,

I am in the same situation. Did you achieve a result?
If so, can you give a specific procedure to follow please?


i haven't yet done this on my prod server. i did it on a backup server where ldap was installed. i exported from my prod server (which uses bdb backend), copied the file to the backup server which i configured to use mdb. i then ran the grep on the file from the prod server (as the steps included in the ebuild state) and imported on the backup server. it worked. i'm planning to switch my prod server soon, just need to find time to fix something that isn't broken right now (fixed by me masking openldap > 2.5 when this first came up).


i updated my production server today, using mdb now, and all is well. following the steps as i stated above.