RE: [EXTERNAL] how to migrate an openldap server to a new linux server

2024-03-26 Thread Quanah Gibson-Mount




--On Wednesday, March 27, 2024 1:07 AM + xpzhang1...@gmail.com wrote:


I did an ldapsearch to export the schema from the source LDAP server; the command is:
ldapsearch -x -LLL -H "ldap://xxx:389" -D "cn=admin,ou=AdminUsers,dc=example,dc=com" -W -b "cn=schema" -o ldif-wrap=no > source-schema.ldif

but ldapadd of this LDIF to the target server still reports:
[root@phx-ldap-ol8 openldap]# ldapadd -H ldap:/// -D "cn=admin,dc=oracle,dc=com" -W -f /tmp/source-schema.ldif
adding new entry "dc=example,dc=com"
ldap_add: Object class violation (65)


That will not give you schema usable for ldapadd.

--Quanah
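What the cn=subschema search returns cannot be fed straight to ldapadd, but it can be converted; as an added example that is not from this thread, the Python below diffs the source server's subschema subentry against the target's own cn=subschema and emits only the missing attributeTypes/objectClasses as an olcSchemaConfig entry for cn=config. The LDIF samples are constructed, and the entry name cn=migrated and matching definitions by OID are assumptions.

```python
import re

# Constructed samples of "ldapsearch -LLL -b cn=subschema -s base '(objectClass=subschema)'
# attributeTypes objectClasses": source has nis.schema loaded, the fresh target has core only.
SOURCE_SUBSCHEMA = """\
dn: cn=Subschema
attributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) DESC 'RFC4519: common name(s)' SUP name )
attributeTypes: ( 1.3.6.1.1.1.1.30 NAME 'nisDomain' DESC 'NIS domain' EQUALITY
  caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
objectClasses: ( 2.5.6.0 NAME 'top' DESC 'top of the superclass chain' ABSTRACT MUST objectClass )
objectClasses: ( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' DESC 'Associated NIS domain' SUP top AUXILIARY MUST nisDomain )
"""
TARGET_SUBSCHEMA = """\
dn: cn=Subschema
attributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) DESC 'RFC4519: common name(s)' SUP name )
objectClasses: ( 2.5.6.0 NAME 'top' DESC 'top of the superclass chain' ABSTRACT MUST objectClass )
"""

# subschema attribute -> cn=config attribute that carries the same definition text
SCHEMA_ATTRS = {"attributeTypes": "olcAttributeTypes", "objectClasses": "olcObjectClasses"}
OID_RE = re.compile(r"^\(\s*(\S+)")  # first token after "(" is the definition's OID


def parse_ldif_entry(text):
    """Return the (attr, value) pairs of one LDIF entry, unfolding continuation lines
    (a leading space continues the previous line). Subschema values are never base64."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    return [(a.strip(), v.strip()) for a, _, v in (ln.partition(":") for ln in lines)]


def oid_of(definition):
    m = OID_RE.match(definition)
    return m.group(1) if m else None


def schema_delta_ldif(source_text, target_text, name="migrated"):
    """Build an olcSchemaConfig entry holding only the definitions the target lacks,
    kept in source order so every SUP/MUST reference is defined before it is used."""
    src, tgt = parse_ldif_entry(source_text), parse_ldif_entry(target_text)
    out = [f"dn: cn={name},cn=schema,cn=config", "objectClass: olcSchemaConfig", f"cn: {name}"]
    for attr, olc_attr in SCHEMA_ATTRS.items():  # attributeTypes before objectClasses
        known = {oid_of(v) for a, v in tgt if a == attr}
        out += [f"{olc_attr}: {v}" for a, v in src if a == attr and oid_of(v) not in known]
    return "\n".join(out) + "\n" if len(out) > 3 else ""  # "" means nothing to add
```

Load the result against cn=config on the target (on a default install, ldapadd -Y EXTERNAL -H ldapi:/// as root) before adding the data entries. It only covers what the source's ACLs let the bind DN read, which is the limitation Quanah describes further down the thread.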


RE: [EXTERNAL] how to migrate an openldap server to a new linux server

2024-03-26 Thread xpzhang1971
I did an ldapsearch to export the schema from the source LDAP server; the command is:
ldapsearch -x -LLL -H "ldap://xxx:389" -D "cn=admin,ou=AdminUsers,dc=example,dc=com" -W -b "cn=schema" -o ldif-wrap=no > source-schema.ldif

but ldapadd of this LDIF to the target server still reports:
[root@phx-ldap-ol8 openldap]# ldapadd -H ldap:/// -D "cn=admin,dc=oracle,dc=com" -W -f /tmp/source-schema.ldif
adding new entry "dc=example,dc=com"
ldap_add: Object class violation (65)
additional info: no objectClass attribute

How do I get the schema defined in the target server?


RE: [EXTERNAL] how to migrate an openldap server to a new linux server

2024-03-26 Thread Quanah Gibson-Mount




--On Tuesday, March 26, 2024 11:57 PM + xpzhang1...@gmail.com wrote:


I gave it a try this way:
I installed an OpenLDAP 2.6 as the target server and started it up with the initial
slapd.ldif.  Then I tried to ldapadd the entries that were exported from the source
server, but it failed on the first entry, error message:

the LDIF file looks like:
dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain
objectClass: nisDomainObject
nisDomain: example.com

What's wrong with objectClass??



You're missing the schema that defines it.

--Quanah


RE: [EXTERNAL] how to migrate an openldap server to a new linux server

2024-03-26 Thread xpzhang1971
I gave it a try this way:
I installed an OpenLDAP 2.6 as the target server and started it up with the initial 
slapd.ldif. 
Then I tried to ldapadd the entries that were exported from the source server, but it 
failed on the first entry, error message:

[root@ldap-ol8 openldap]# ldapadd -H ldap:/// -D "cn=admin,dc=example,dc=com" 
-W -f /tmp/test.ldif
adding new entry "dc=example,dc=com"
ldap_add: Invalid syntax (21)
additional info: objectClass: value #1 invalid per syntax

the LDIF file looks like:
dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain
objectClass: nisDomainObject
nisDomain: example.com

What's wrong with objectClass??


Re: [EXTERNAL] how to migrate an openldap server to a new linux server

2024-03-25 Thread Bill MacAllister

On 2024-03-25 10:42, xpzhang1...@gmail.com wrote:

Tech Folks, thanks for your replies.


There are too many unknowns for anyone to give you much help in creating
a new LDAP instance.  What OS?  What version of OpenLDAP?  Do you have
full access to the directory data using LDAP, i.e. what credentials are
you using and what ACLs are in place?  Do you have a backup of the
system?


In the real world, we often face tasks where we take over something that does not
belong to us, and we even have only limited access to it.


Do you have physical access to the system?  If the system is Linux and
you have access to the console it is a simple thing to reboot the
system using init=/bin/bash, set the root password, and then reboot the
system normally.  Once you have root access you can do whatever you
need, e.g. create user accounts, install ssh, etc.  But, this really
is just a normal system management task and not on topic for this
distribution list.


Is there a way of figuring out the configuration, schema, etc. from the LDIF
files generated by ldapsearch from the source server, and then configuring a
fresh target OpenLDAP server with that information so that the target
server is exactly the same as the source server?


Once you can use slapcat everything gets easy.  It would be best to
gain root access to the system.

Bill

--
My heart is warm with the friends I make,
  And better friends I'll not be knowing,
Yet there isn't a train I wouldn't take,
  No matter where it's going.

Edna St Vincent Millay


RE: [EXTERNAL] how to migrate an openldap server to a new linux server

2024-03-25 Thread Quanah Gibson-Mount




--On Monday, March 25, 2024 6:42 PM + xpzhang1...@gmail.com wrote:


Tech Folks, thanks for your replies.
In the real world, we often face tasks where we take over something that does not
belong to us, and we even have only limited access to it.

Is there a way of figuring out the configuration, schema, etc. from the LDIF
files generated by ldapsearch from the source server, and then configuring a
fresh target OpenLDAP server with that information so that the target
server is exactly the same as the source server?


You can query the cn=subschema entry for the server schema, but that 
doesn't mean all the schema returned is in use.


However, without having the server configuration (including what overlays, 
etc, are in use) you cannot reproduce the server functionality.  IF it 
exposes the configuration via cn=config with ldapsearch, then you could get 
the configuration that way.  Without the configuration, you could be 
missing critical pieces such as password policies, uniqueness constraints, 
etc.  You also have no idea whether or not your "ldapsearch" output 
includes the full database or only a portion of the database (or even just 
portions of entries) since you have no idea what limitations via ACLs have 
been placed on your search.


Regards,
Quanah




RE: [EXTERNAL] how to migrate an openldap server to a new linux server

2024-03-25 Thread xpzhang1971
Tech Folks, thanks for your replies. 
In the real world, we often face tasks where we take over something that does not 
belong to us, and we even have only limited access to it. 

Is there a way of figuring out the configuration, schema, etc. from the LDIF files 
generated by ldapsearch from the source server, and then configuring a fresh target 
OpenLDAP server with that information so that the target server is exactly the same 
as the source server?

Thanks!


RE: [EXTERNAL] how to migrate an openldap server to a new linux server

2024-03-25 Thread Christopher Paul
In several organizations where I worked without root access, I requested sudo 
permissions for slapcat.

But to not have a shell, that makes life more difficult. Maybe you could get 
root to set up a cron to dump the extract using slapcat and deliver it somehow.

Chris Paul | https://www.rexconsulting.net


RE: [EXTERNAL] how to migrate an openldap server to a new linux server

2024-03-25 Thread Quanah Gibson-Mount




--On Monday, March 25, 2024 4:51 PM + xpzhang1...@gmail.com wrote:


Because port 22 is not open, I can't ssh or rlogin to the server; I can only
run client commands such as ldapsearch.  nmap against the server only sees
ports 389 and 636 open. I don't know how the server owner maintains or
starts/stops the server.



The only way to get a known good backup of the server is to be able to log 
into the server so you can obtain not only the database, but also the slapd 
configuration.  Since you lack access to this system, it sounds like you're 
not supposed to have that level of access.


--Quanah


RE: [EXTERNAL] how to migrate an openldap server to a new linux server

2024-03-25 Thread Bradley T Gill
This is sounding pretty shady.  It sounds like it isn’t your data.

From: xpzhang1...@gmail.com 
Sent: Monday, March 25, 2024 11:51 AM
To: openldap-technical@openldap.org
Subject: RE: [EXTERNAL] how to migrate an openldap server to a new linux server


Because port 22 is not open, I can't ssh or rlogin to the server; I can only run 
client commands such as ldapsearch.

nmap against the server only sees ports 389 and 636 open. I don't know how the server 
owner maintains or starts/stops the server.


RE: [EXTERNAL] how to migrate an openldap server to a new linux server

2024-03-25 Thread xpzhang1971
Because port 22 is not open, I can't ssh or rlogin to the server; I can only run 
client commands such as ldapsearch. 
nmap against the server only sees ports 389 and 636 open. I don't know how the server 
owner maintains or starts/stops the server.


RE: [EXTERNAL] how to migrate an openldap server to a new linux server

2024-03-25 Thread Bradley T Gill
Why is it not accessible?  It sounds like that is the 1st problem you need to 
solve.  You can add an ldapi to the startup.

From: xpzhang1...@gmail.com 
Sent: Saturday, March 23, 2024 3:34 PM
To: openldap-technical@openldap.org
Subject: RE: [EXTERNAL] how to migrate an openldap server to a new linux server


The problem here is that the source OpenLDAP server only has port 389 open; it 
is not accessible, so I am not able to run slapcat.


RE: [EXTERNAL] how to migrate an openldap server to a new linux server

2024-03-25 Thread xpzhang1971
The problem here is that the source OpenLDAP server only has port 389 open; it 
is not accessible, so I am not able to run slapcat.


RE: [EXTERNAL] how to migrate an openldap server to a new linux server

2024-03-23 Thread Bradley T Gill
I would back up the database from the old server and restore it to the new one.
Old Server
{PATH}/openldap/sbin/slapcat -n 0 -F {PATH}/openldap/etc/openldap/slapd.d -l {PATH}/slapd.d.ldif
{PATH}/openldap/sbin/slapcat -b {BASE_DN} -F {PATH}/openldap/etc/openldap/slapd.d -l {PATH}/config.ldif

Copy ldif

New Server
mkdir {PATH}/openldap/etc/openldap/slapd.d
{PATH}/openldap/sbin/slapadd -n 0 -F {PATH}/openldap/etc/openldap/slapd.d -l {PATH}/slapd.d.ldif
{PATH}/openldap/sbin/slapadd -b {BASE_DN} -F {PATH}/openldap/etc/openldap/slapd.d -l {PATH}/config.ldif

From: xpzhang1...@gmail.com 
Sent: Friday, March 22, 2024 6:41 PM
To: openldap-technical@openldap.org
Subject: [EXTERNAL] how to migrate an openldap server to a new linux server


I have an OpenLDAP server that I want to clone to another Linux server. However, 
I can't access it by logging in; I can only run ldapsearch, because this source 
OpenLDAP server only has port 389 open.

Now I have installed the openldap-servers package on the target Linux server, then what? I 
would appreciate it if anybody could instruct me or direct me to useful documents.