upgrading¶
export tree to ldif file¶
Export the data using the tools from the old version.
when slapd is not running:
> slapcat > data.ldif
when slapd is running (much slower):
> ldapsearch -x -LLL -z 0 -D "$dn" -W -b "$basedn" 'objectClass=*' '*' > data.ldif
Where $dn is the admin's DN and $basedn is the directory root; -z 0 removes the search size limit. Unlike slapcat, this exports only user attributes ('*'); operational attributes such as entryUUID are not included unless you also request '+'. Either export contains userPassword values, so keep data.ldif readable only by root.
import tree¶
Import the data using tools from the new version.
When slapd is not running (various examples):
# slapadd -f <ldap_config> -l <ldif_file> -b <basedn>
# slapadd -l data.ldif -b o=anarchy
slapadd¶
To make slapadd much faster with the BDB/HDB backends (the mdb backend does not read DB_CONFIG), add to
/var/lib/ldap/DB_CONFIG:
# Just use this setting when doing slapadd...
set_flags DB_TXN_NOSYNC
set_flags DB_TXN_NOT_DURABLE
Remove both flags again before starting slapd: they disable transaction durability, so a crash while they are set can lose or corrupt committed writes.
restricting access¶
By default, slapd is wide open, allowing anyone to search it. Be careful with the ACLs, restrict access to SSL/TLS, and only allow certain hosts to connect. There are many ways to restrict which hosts may connect. Here is the super easy way, using TCP wrappers (slapd only consults these files if it was built with wrapper support, i.e. --enable-wrappers; hosts.allow is checked before hosts.deny, and the first match wins):
/etc/hosts.allow:
slapd: allow.me.org 192.168.0.1 127.0.0.1
/etc/hosts.deny:
slapd: ALL : DENY
base64 decode¶
Entries in LDIF format are often base64 encoded: a double colon after the attribute name (attr::) marks a base64 value, used for binary data and for values with leading spaces, non-ASCII or other unsafe characters. How do you read them? Decode them:
LDIF:
userPassword:: c2VjcmV0
Decode:
echo "c2VjcmV0" | perl -MMIME::Base64 -ne 'print decode_base64($_) . "\n"'
Executing this command prints “secret” followed by a newline.
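The same decoding applied to a whole export, as an added example that is not part of the original page: a small Python parser that unfolds LDIF continuation lines, decodes `::` values the way the perl one-liner above does, and compares the DNs of the pre-upgrade export against a post-import export to confirm nothing was lost. The sample LDIF and its o=anarchy entries are constructed here.

```python
import base64
# Constructed sample LDIF in the shape slapcat / ldapsearch -LLL produce: one value
# folded over two lines (continuation starts with a space) and one base64 ("::") value.
SAMPLE_LDIF = """\
dn: o=anarchy
objectClass: organization

dn: cn=admin,o=anarchy
objectClass: person
cn: admin
description: a long description that slapcat folds
  across two lines
userPassword:: c2VjcmV0
"""

def unfold(text):
    """Join continuation lines onto the previous line; drop comments and 'version:'."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif not raw.startswith(("#", "version:")):
            lines.append(raw)
    return lines

def parse_ldif(text):
    """Return a list of {attr: [values]} dicts; '::' values are base64-decoded."""
    entries, entry = [], {}
    for line in unfold(text) + [""]:          # sentinel flushes the final entry
        if line == "":
            if entry:
                entries.append(entry)
            entry = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):             # attr:: <base64>
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        elif value.startswith("<"):           # attr:< file:///...  (left unresolved)
            continue
        else:
            value = value.strip()
        entry.setdefault(attr, []).append(value)
    return entries

def missing_dns(old_ldif, new_ldif):
    """DNs in the pre-upgrade export that the post-import export lacks (should be [])."""
    old = {e["dn"][0] for e in parse_ldif(old_ldif)}
    new = {e["dn"][0] for e in parse_ldif(new_ldif)}
    return sorted(old - new)
```

Run it against the slapcat output taken before the upgrade and a fresh slapcat taken after slapadd; an empty list from missing_dns means every DN survived the round trip.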