Change BaseDN in OpenLDAP

I tried to rename my OpenLDAP baseDN

from

DC=ABC,DC=com

to

DC=Hug,DC=Edu

I changed some conf files:

  • /etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif

  • /etc/ldapscripts/ldapscripts.conf

and phpLDAPadmin configurations:

  • config.php

to the new root dn

But after I restarted the slapd and lighttpd services, although I could log in to the phpLDAPadmin interface (with the admin binddn), I was not able to do anything.

I also tried running some ldap command lines, but this did not work.

What else do I need to do? Or is there something wrong with my method?

2 answers

OK, I worked it out myself. Here's how I migrated the existing LDAP database to the new domain:

  • Export the old LDAP database to the ldif file.
  • Remove the old database
  • Create a new LDAP database with a new domain name
  • Modify the exported ldif file above to match the new domain (dn root)
  • Import modified ldif file into a new database

Assuming I have a new domain name, dc=my,dc=new,dc=ldap,dc=domain, and I want to move all existing LDAP data to it.

I took the following steps:

  • Back up the old LDAP database

    # slapcat -v -l old_ldap.ldif 
  • Stop OpenLDAP Server

     # service slapd stop 
  • Remove the old LDAP database

     # cd /var/lib/ldap
     # rm -rf *
  • Make sure LDAP is not running

     # nano /var/lib/ldap/DB_CONFIG

    NOTE: add the following lines and save

     #DB_CONFIG
     set_cachesize 0 150000000 1
     set_lg_regionmax 262144
     set_lg_bsize 2097152
     set_flags DB_LOG_AUTOREMOVE
  • Change the current LDAP settings in the following files

    • /etc/ldapscripts/ldapscripts.conf

       ...
       SERVER="ldap://localhost"
       BINDDN="cn=admin,dc=my,dc=new,dc=ldap,dc=domain"
       BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd"
       ...
    • /etc/ldap/slapd.d/cn=config/olcDatabase\={1}hdb.ldif

       ...
       olcSuffix: dc=my,dc=new,dc=ldap,dc=domain
       olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=my,dc=new,dc=ldap,dc=domain" write by * none
       olcAccess: {2}to * by self write by dn="cn=admin,dc=my,dc=new,dc=ldap,dc=domain" write by * read
       olcRootDN: cn=admin,dc=my,dc=new,dc=ldap,dc=domain
       olcRootPW: <new administrator password>
       ...
  • Prepare the new LDAP directory structure and data in new_ldap.ldif (or change old_ldap.ldif over to the new root dn)

     # Root
     dn: dc=my,dc=new,dc=ldap,dc=domain
     description: New LDAP BaseDN
     # the dc attribute must carry the value of the entry's own RDN (dc=my)
     dc: my
     o: parent.my.new.ldap.domain
     objectClass: top
     objectClass: dcObject
     objectClass: organization
     structuralObjectClass: organization

     # administrator
     dn: cn=admin,dc=my,dc=new,dc=ldap,dc=domain
     objectClass: simpleSecurityObject
     objectClass: organizationalRole
     cn: admin
     description: LDAP administrator
     userPassword: <new administrator password>
     structuralObjectClass: organizationalRole

     # Subtree for Users
     dn: ou=Users,dc=my,dc=new,dc=ldap,dc=domain
     ou: Users
     description: Parent LDAP Users
     objectClass: organizationalUnit
     objectClass: top
     structuralObjectClass: organizationalUnit

     # Subtree for Groups
     dn: ou=Groups,dc=my,dc=new,dc=ldap,dc=domain
     ou: Groups
     description: Parent LDAP Groups
     objectClass: organizationalUnit
     objectClass: top
     structuralObjectClass: organizationalUnit
     ...
  • Check the new ldif

     # slapadd -b "dc=my,dc=new,dc=ldap,dc=domain" -v -u -l new_ldap.ldif 

    NOTE: -u means the command runs in test mode

If everything is in order, the result will look something like this:

     added: "dc=my,dc=new,dc=ldap,dc=domain"
     added: "cn=admin,dc=my,dc=new,dc=ldap,dc=domain"
     added: "ou=Users,dc=my,dc=new,dc=ldap,dc=domain"
     added: "ou=Groups,dc=my,dc=new,dc=ldap,dc=domain"
     _#################### 100.00% eta   none elapsed            none fast!
  • Add the new LDAP data to the server

     # slapadd -b "dc=my,dc=new,dc=ldap,dc=domain" -v -l new_ldap.ldif

You can check for updates in my blog post about this issue: http://iambusychangingtheworld.blogspot.com/2013/10/ldap-create-new-ldap-directory.html

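The answer's fourth step, "modify the exported ldif file to match the new domain", is the part that goes wrong most often, because a `slapcat` export does not only carry the suffix on `dn:` lines: DN-valued attributes such as `uniqueMember` and the operational `creatorsName`/`modifiersName` end in the old suffix too, long values are folded across lines, non-ASCII values are base64-encoded (`dn::`), and the root entry's `dc:` attribute must become the first RDN of the new suffix. The following rewriter is an added example, not code from the answer or from OpenLDAP; it uses the suffixes from the question (`dc=ABC,dc=com` to `dc=Hug,dc=Edu`) as defaults and a constructed sample export, and it only copies through lines it does not need to change.

```python
"""Move an LDIF export (slapcat -l old_ldap.ldif) from one base DN to another.
Rewrites dn: lines, DN-valued attributes and the root entry's naming attribute,
and copes with folded lines and base64 (::) values the way slapcat writes them."""
import base64
import re

OLD_SUFFIX = "dc=ABC,dc=com"   # the suffixes from the question, used as defaults
NEW_SUFFIX = "dc=Hug,dc=Edu"


def _norm(dn):
    """Lower-case a DN and drop spaces after commas so two spellings compare equal."""
    return re.sub(r",\s*", ",", dn.strip()).lower()


def _suffix_regex(suffix):
    """Match suffix at the end of a DN on an RDN boundary, ignoring case and spacing."""
    parts = [re.escape(p.strip()) for p in suffix.split(",")]
    return re.compile(r"(^|,)\s*" + r",\s*".join(parts) + r"\s*$", re.IGNORECASE)


def rewrite_dn(dn, old_suffix=OLD_SUFFIX, new_suffix=NEW_SUFFIX):
    """Swap old_suffix for new_suffix; DNs outside the old tree come back unchanged."""
    m = _suffix_regex(old_suffix).search(dn)
    return dn if not m else dn[: m.start()] + m.group(1) + new_suffix


def unfold(text):
    """Join LDIF continuation lines (a line starting with one space continues the previous)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def _parse(line):
    """'name: value' / 'name:: base64' -> (name, value); None for blanks, comments, binary."""
    m = re.match(r"^([A-Za-z][\w.;-]*):(:?) ?(.*)$", line)
    if not m:
        return None
    name, b64, value = m.groups()
    if b64:
        try:
            value = base64.b64decode(value).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            return None  # binary value such as jpegPhoto: copied through untouched
    return name, value


def _emit(name, value):
    """Plain 'name: value' when LDIF allows it, otherwise base64 ('name:: ...')."""
    if value.isascii() and not value.startswith((" ", ":", "<")) and not value.endswith(" "):
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def rewrite_ldif(text, old_suffix=OLD_SUFFIX, new_suffix=NEW_SUFFIX):
    """Rewrite a whole LDIF document; lines that need no change are copied verbatim."""
    old_attr, old_val = (s.strip() for s in old_suffix.split(",")[0].split("=", 1))
    new_attr, new_val = (s.strip() for s in new_suffix.split(",")[0].split("=", 1))
    if old_attr.lower() != new_attr.lower():
        # dc= -> o= would also change the root entry's objectClasses: do that by hand
        raise ValueError(f"root naming attribute changes ({old_attr} -> {new_attr})")
    out, in_root = [], False
    for line in unfold(text):
        parsed = _parse(line)
        if parsed is None:
            out.append(line)
            continue
        name, value = parsed
        if name.lower() == "dn":
            in_root = _norm(value) == _norm(old_suffix)  # attributes up to the next dn are the root's
            new_dn = rewrite_dn(value, old_suffix, new_suffix)
            out.append(_emit(name, new_dn) if new_dn != value else line)
        elif in_root and name.lower() == old_attr.lower() and value.lower() == old_val.lower():
            out.append(_emit(name, new_val))  # dc: ABC -> dc: Hug; the RDN value must be in the entry
        else:
            new_value = rewrite_dn(value, old_suffix, new_suffix)
            out.append(_emit(name, new_value) if new_value != value else line)
    return "\n".join(out) + "\n"


def entry_dns(text):
    """Decoded DN of every entry, to confirm nothing is left under the old suffix."""
    dns = []
    for line in unfold(text):
        parsed = _parse(line)
        if parsed and parsed[0].lower() == "dn":
            dns.append(parsed[1])
    return dns


# Constructed sample in the shape slapcat writes (folded uniqueMember, base64 dn for a
# non-ASCII RDN, operational creatorsName); not data from the question.
SAMPLE = "\n".join([
    "dn: dc=ABC,dc=com",
    "objectClass: dcObject",
    "objectClass: organization",
    "dc: ABC",
    "o: ABC Inc",
    "creatorsName: cn=admin,dc=ABC,dc=com",
    "",
    "dn: cn=admins,ou=Groups,dc=ABC,dc=com",
    "objectClass: groupOfUniqueNames",
    "cn: admins",
    "uniqueMember: uid=bob,ou=Users,",
    " dc=ABC,dc=com",
    "",
    "dn:: " + base64.b64encode("cn=Zoë,ou=Users,dc=ABC,dc=com".encode()).decode(),
    "objectClass: inetOrgPerson",
    "userPassword:: e1NTSEF9c2VjcmV0",
])
```

Run it as `python3 -c 'import ldif_rebase, sys; sys.stdout.write(ldif_rebase.rewrite_ldif(open("old_ldap.ldif").read()))' > new_ldap.ldif` (the module name is whatever you save the file as), then feed the result to `slapadd -u` as the answer does. It only handles data LDIF; the `cn=config` files edited in the answer embed DNs inside `olcAccess` strings and still need the manual edit shown above.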

A very useful guide! For future reference, I found that after modifying the file in step 5b, the test described in step 7 will report a bad crc32 value (the checksum is on line 2 of the same file).

Edit 06/2/2018: As suggested by PF4Public, you can delete these lines altogether.

Otherwise, you will have to generate a new crc32 (I use Debian Jessie; your path may differ).

Quick route:

 tail -n +3 /etc/ldap/slapd.d/cn\=config/olcDatabase\=\{1\}mdb.ldif 

and paste the result into an online crc32 calculator. The calculated crc32 value replaces the old value on line 2 of mdb.ldif.

A slow / thorough route is described here: https://gist.github.com/Shaltz/1d65a07a0901a36fb7f1

After adding new_ldap.ldif, make sure that the openldap user has permissions on the generated database.

 chown -R openldap:openldap /var/lib/ldap 
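The checksum the comment refers to is the standard CRC-32 (the same one zlib and the usual online calculators compute) over every byte from line 3 to the end of the slapd.d file, which is exactly what `tail -n +3 ... | crc32` measures. The checker below is an added example, not code from the comment, the linked gist or OpenLDAP; it verifies a hand-edited `cn=config` file against its `# CRC32` header and can rewrite the header in place, and it works on a constructed sample in the shape of `olcDatabase={1}mdb.ldif`.

```python
"""Verify or recompute the '# CRC32 xxxxxxxx' header of a slapd.d (cn=config) LDIF file.
The header sits on line 2 and covers everything from line 3 onward, so editing olcSuffix
or olcRootDN by hand leaves a stale value until it is recomputed."""
import sys
import zlib

CRC_PREFIX = b"# CRC32 "


def compute_crc(body: bytes) -> str:
    """CRC-32 of the file body as 8 lowercase hex digits, the way slapd writes it."""
    return "%08x" % (zlib.crc32(body) & 0xFFFFFFFF)


def split_file(data: bytes):
    """Return (first_line, crc_line, body), each keeping its own newline."""
    first, sep1, rest = data.partition(b"\n")
    crc_line, sep2, body = rest.partition(b"\n")
    if not crc_line.startswith(CRC_PREFIX):
        raise ValueError("no '# CRC32' header on line 2; is this a slapd.d file?")
    return first + sep1, crc_line + sep2, body


def check_crc(data: bytes):
    """Return (stored, computed) so the caller can compare the two."""
    _, crc_line, body = split_file(data)
    stored = crc_line[len(CRC_PREFIX):].strip().decode("ascii").lower()
    return stored, compute_crc(body)


def fix_crc(data: bytes) -> bytes:
    """Rewrite line 2 with the checksum of the current body; every other byte is kept."""
    first, _, body = split_file(data)
    return first + CRC_PREFIX + compute_crc(body).encode("ascii") + b"\n" + body


# Constructed sample: an olcDatabase={1}mdb.ldif whose suffix and rootdn were edited by
# hand, so the header still holds the checksum of the old content (here a placeholder).
SAMPLE = (
    b"# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.\n"
    b"# CRC32 00000000\n"
    b"dn: olcDatabase={1}mdb\n"
    b"objectClass: olcDatabaseConfig\n"
    b"objectClass: olcMdbConfig\n"
    b"olcDatabase: {1}mdb\n"
    b"olcSuffix: dc=my,dc=new,dc=ldap,dc=domain\n"
    b"olcRootDN: cn=admin,dc=my,dc=new,dc=ldap,dc=domain\n"
)

if __name__ == "__main__":
    # Usage: python3 slapd_crc.py /etc/ldap/slapd.d/cn=config/olcDatabase={1}mdb.ldif [--fix]
    path = sys.argv[1]
    with open(path, "rb") as fh:
        data = fh.read()
    stored, computed = check_crc(data)
    if stored == computed:
        print(f"{path}: CRC32 {stored} OK")
    elif "--fix" in sys.argv[2:]:
        with open(path, "wb") as fh:
            fh.write(fix_crc(data))
        print(f"{path}: CRC32 {stored} -> {computed} rewritten")
    else:
        print(f"{path}: CRC32 mismatch: stored {stored}, computed {computed} (use --fix)")
        sys.exit(1)
```

Run it with slapd stopped and on a copy first; the file is owned by the openldap user, so after `--fix` check that ownership and mode are unchanged, just as the comment does for `/var/lib/ldap`.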

Source: https://habr.com/ru/post/956540/