Symas OpenLDAP Knowledge Base

Upgrading LDAP 2.4 to 2.5

Each upgrade requires steps to convert the database to the new format without corrupting the original. This article describes how to upgrade an existing LDAP database running on 2.4 to a 2.6 update with minimal downtime, so that the customer is minimally affected by the loss of service from the server.

Upgrade Procedures

  1. slapcat the primary master’s data and config
  2. Install 2.5 and slapadd cn=config and the data onto ONE server (yes, we recognize it will be down for the duration).
  3. Add that server back into the cluster so it can start taking load.
  4. Do an mdb_copy as a backup.
  5. Stop the servers one at a time and upgrade them to 2.5.
  6. Use the backup of step #4 to reload their databases. mdb_copy is much faster than slapcat and slapadd.
    • The data directory of each must be cleared
    • The file produced by mdb_copy is then copied into that directory
    • The server can then be brought up

Important Reminders

An upgrade is a step-by-step process and should not be rushed. To maximize the chance of success with minimal error, the servers should be upgraded one at a time. Starting with a Consumer, the servers should be moved over one by one and tested. That way, if one of the servers is not working properly, there is little to roll back and the integrity of the original structure is minimally affected.

Update Configuration Parameters

Some configuration parameters are not compatible between 2.4 and 2.5. For 2.5 to work properly, these parameters have to be adjusted. The suggested changes are:

  • olcAutomaticGroups is replaced with olcAutoGroupConfig
  • olcAGattrSet is replaced with olcAutoGroupAttrSet
  • olcAGmemberOfAd is replaced with olcAutoGroupMemberOfAd

NOTE: This list may grow due to the vast amounts of organizational units that could be applied to a configuration.
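One way to apply the renames above to the cn=config LDIF from step 1 before loading it in step 2 is a small shell filter. This is an added example, not part of the original article or Symas tooling; the function names, file names and sample entry are assumptions, and each old name is handled both as an attribute type and as an objectClass value.

```shell
#!/bin/sh
# Added example (not Symas code). Filters a slapcat'd cn=config LDIF,
# replacing the 2.4 autogroup names with the 2.5 names listed above.
# Usage (file names are assumptions):
#   convert_autogroup_ldif < config-2.4.ldif > config-2.5.ldif

convert_autogroup_ldif() {
    awk '
    BEGIN {
        # Lower-cased 2.4 name -> 2.5 name (LDAP names are case-insensitive).
        map["olcautomaticgroups"] = "olcAutoGroupConfig"
        map["olcagattrset"]       = "olcAutoGroupAttrSet"
        map["olcagmemberofad"]    = "olcAutoGroupMemberOfAd"
    }
    # Folded continuation lines and comments pass through unchanged.
    /^[ #]/ { print; next }
    {
        pos = index($0, ":")
        if (pos == 0) { print; next }      # blank separator lines etc.
        attr = substr($0, 1, pos - 1)
        rest = substr($0, pos)
        key  = tolower(attr)
        if (key in map) {
            attr = map[key]                # old name used as attribute type
        } else if (key == "objectclass" || key == "structuralobjectclass") {
            val = rest
            sub(/^: */, "", val)
            lval = tolower(val)
            if (lval in map) rest = ": " map[lval]   # old name used as a value
        }
        print attr rest
    }'
}

# Number of lines still carrying a 2.4 name; 0 means nothing is left to rename.
count_old_names() {
    grep -Eic '^(olcAGattrSet|olcAGmemberOfAd):|^(structural)?objectClass: *olcAutomaticGroups *$' || true
}

# Constructed sample entry, for illustration only.
sample_ldif() {
    cat <<'EOF'
dn: olcOverlay={0}autogroup,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAutomaticGroups
olcOverlay: {0}autogroup
structuralObjectClass: olcAutomaticGroups
olcAGattrSet: {0}groupOfURLs memberURL member
olcAGmemberOfAd: memberOf
EOF
}
```

Running `count_old_names` on the converted file before slapadd confirms that no 2.4 name remains.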

Upgrading Using CentOS

When upgrading on CentOS, some previous versions of the slapd.conf configuration create the path /var/run/openldap. The correct path is /var/symas/run, and the slapd.conf file should be amended to use the new path.