Sunday, March 29, 2020

Migrate LDAP server from CentOS 6 to CentOS 7

First, install the OpenLDAP packages. Run the command below to install them.
# yum -y install openldap openldap-clients openldap-servers openldap-devel


Start the LDAP daemon and enable it so that it starts at boot.
# systemctl start slapd.service
# systemctl enable slapd.service


Then take a backup from the existing LDAP server. Two backups are required: the configuration file (slapd.conf) and the database in LDIF form.
The LDIF backup can be taken with the slapcat tool. The command below shows an example of taking the backup.
slapcat -n 1 -l /<dir_location>/Latest-2020.ldif
You must also back up the slapd.conf file, but some changes may be needed when migrating it to CentOS 7. The major change I made there was the database type, which I changed from “bdb” to “mdb”. If you use TLS for communication, either create a new TLS certificate or copy the old server key and its certificate from their locations on the old server. The rest of the configuration file can be used as it is.
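As an added example (not part of the original post), the POSIX shell functions below make the “bdb” to “mdb” change described above on a copy of slapd.conf and, going a little beyond the post, report the directives that only the bdb/hdb backends accept, since slapd-mdb does not recognise them. The sample configuration, the directive list and the rootpw placeholder are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post: switch the database backend in a
# slapd.conf copied from the CentOS 6 server and flag bdb/hdb-only directives.
# The sample below is a constructed slapd.conf database section; the rootpw
# value is a placeholder, not a real hash.
SAMPLE_CONF='database        bdb
suffix          "dc=testdomain,dc=com"
rootdn          "cn=admin,dc=testdomain,dc=com"
rootpw          {SSHA}placeholder-hash-not-real
directory       /var/lib/ldap
cachesize       10000
checkpoint      1024 15
index           objectClass eq
index           uid,cn eq,sub
'

# convert_db_backend: reads slapd.conf on stdin and writes it to stdout with
# "database bdb" (or "database hdb") changed to "database mdb". Every other
# line passes through unchanged, so suffix, rootdn, directory and index lines
# keep working with the mdb backend.
convert_db_backend() {
    sed -E 's/^(database[[:space:]]+)(bdb|hdb)[[:space:]]*$/\1mdb/'
}

# list_bdb_only_directives: reads slapd.conf on stdin and prints the names of
# directives that slapd-bdb/hdb accept but slapd-mdb does not (assumed list for
# this demo). Output is empty when the file is clean. Such lines have to be
# removed before slapd will start; mdb has no cache tuning, it sizes its map
# with the "maxsize" directive instead (default 10485760 bytes, which a
# migrated directory may outgrow).
list_bdb_only_directives() {
    awk '$1 ~ /^(cachesize|idlcachesize|dncachesize|cachefree|shm_key|lockdetect|dbconfig)$/ { print $1 }'
}

# Usage on a real file (not run here):
#   convert_db_backend < slapd.conf.centos6 > /etc/openldap/slapd.conf
#   list_bdb_only_directives < /etc/openldap/slapd.conf
#   slaptest -f /etc/openldap/slapd.conf   # syntax check before starting slapd
```

The converted file still carries rootpw and the paths to the copied TLS key, so keep it with the same restrictive ownership and mode as the stock CentOS 7 slapd.conf rather than world-readable, and give the copied private key the same treatment.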
Then the LDIF database has to be restored. Follow these steps:
  • Stop the LDAP service: systemctl stop slapd.service
  • Remove the existing databases in the /var/lib/ldap directory: rm -rf /var/lib/ldap/*
  • The configuration also contains the slapd.d directory. Since it is not going to be used in the live environment and the slapd.conf file has already been restored, remove the slapd.d directory: rm -rf /etc/openldap/slapd.d
  • Before restoring the LDIF database, start the slapd service: systemctl start slapd.service
  • Then try the restore with the ldapadd tool: ldapadd -x -D "cn=admin,dc=testdomain,dc=com" -f Latest-2020.ldif -W
It will prompt for the LDAP admin user's password. Sometimes the restore does not succeed because of old attribute lines in the export. The error message shows the exact lines that are not compatible with the newer OpenLDAP server. If that happens, remove the incompatible lines from the LDIF file. The command below can be used to remove them.
sed '/structuralObjectClass/d' Latest-2020.ldif > mod.ldif
Then run the restore command again. Once the LDAP database has been restored successfully, restart the slapd service.
systemctl restart slapd.service
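As an added example (not from the original post), the function below generalises the sed command from the restore step: it removes the whole set of operational attributes that slapcat writes into an export but ldapadd refuses, and it also drops any folded continuation line (a line beginning with a space) that belongs to a removed attribute, which a single-line sed pattern leaves behind as a stray line. The sample LDIF and the attribute list are constructed assumptions for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post: clean a slapcat export so that
# ldapadd accepts it. Constructed sample resembling a slapcat export of two
# entries; the userPassword value is a placeholder hash, not a real one. The
# modifiersName value is folded across two lines the way slapcat folds long
# values.
SAMPLE_LDIF='dn: dc=testdomain,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: Test Domain
dc: testdomain
structuralObjectClass: organization
entryUUID: 00000000-0000-0000-0000-000000000000
creatorsName: cn=admin,dc=testdomain,dc=com
createTimestamp: 20200329000000Z
entryCSN: 20200329000000.000000Z#000000#000#000000
modifiersName: cn=admin,dc=testdomain,
 dc=com
modifyTimestamp: 20200329000000Z

dn: uid=alice,ou=people,dc=testdomain,dc=com
objectClass: inetOrgPerson
uid: alice
cn: Alice
sn: Example
userPassword:: e1NTSEF9cGxhY2Vob2xkZXI=
structuralObjectClass: inetOrgPerson
'

# strip_operational: reads LDIF on stdin, writes LDIF without the operational
# attributes (assumed list for this demo) on stdout. A line starting with a
# space continues the previous attribute, so it is dropped whenever that
# attribute was dropped and kept otherwise.
strip_operational() {
    awk '
        /^ / { if (skip) next; print; next }
        /^(structuralObjectClass|entryUUID|entryCSN|contextCSN|creatorsName|createTimestamp|modifiersName|modifyTimestamp):/ { skip = 1; next }
        { skip = 0; print }
    '
}

# count_operational_lines: reads LDIF on stdin and prints how many operational
# attribute lines remain; used to verify the cleaned file before importing.
count_operational_lines() {
    grep -c -E '^(structuralObjectClass|entryUUID|entryCSN|contextCSN|creatorsName|createTimestamp|modifiersName|modifyTimestamp):' || true
}

# Usage on a real export (not run here):
#   strip_operational < Latest-2020.ldif > mod.ldif
#   count_operational_lines < mod.ldif        # expect 0
#   ldapadd -x -D "cn=admin,dc=testdomain,dc=com" -W -f mod.ldif
```

The export and the cleaned copy both contain the userPassword hashes of every account, so keep them readable only by root and delete them once the import has been verified. If preserving entryUUID and the timestamps matters, slapadd run while slapd is stopped (slapadd -n 1 -l Latest-2020.ldif) accepts the operational attributes unchanged and is the import tool matched to a slapcat export.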
