Hi All,

I'm currently in the process of moving from v2.3 to 2.4 and have been
following the procedure shown in the documentation for switching from the
old slapd.conf to the new cn= format, i.e. slaptest -f <path> -F <path> .

If I copy over slapd.conf from my old server and run slapd -d 256 , it
starts perfectly and answers queries, etc.  If, on the other hand, I run
the slaptest command shown above I get the following:

<= str2entry(cn={1}core) -> 0x7fda53d38798
=> access_allowed: search access to "cn={1}core,cn=schema,cn=config"
"objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
olcAttributeTypes: value #0 olcAttributeTypes: Duplicate attributeType:
"2.5.4.2"
config error processing cn={1}core,cn=schema,cn=config: olcAttributeTypes:
Duplicate attributeType: "2.5.4.2"
send_ldap_result: conn=-1 op=0 p=0
send_ldap_result: err=80 matched="" text=""
slapd destroy: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.


I've been around Google and have found no solutions.  My slapd.conf is
years old and was made according to the smbldap tutorial originally
written by IDEALX. The file is shown below and any info is welcome.

Thanks,

Julian


####slapd.conf ####

# slapd.conf(5)-style configuration as pasted into the message: schema
# includes, one bdb database, its indexes and its access rules.
# NOTE(review): several long lines below look wrapped by the mail client
# ("attrs=...", "write" and "read" starting in column 0). slapd only treats a
# line that begins with whitespace as a continuation, so the on-disk file
# presumably has these joined; re-join them before reusing this listing.
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/samba.schema

database        bdb
directory       /var/lib/ldap
suffix          "dc=bordengrammar,dc=kent,dc=sch,dc=uk"
# The rootdn is not subject to the access rules further down; it authenticates
# with the rootpw value set below.
rootdn          "cn=Administrator,dc=bordengrammar,dc=kent,dc=sch,dc=uk"
# Per-search entry limit. It applies to every client the access rules allow to
# search, anonymous clients included.
sizelimit       10000
# Idle client connections are closed after this many seconds.
idletimeout     3700


# Salted SHA-1 ({SSHA}) hash, redacted by the poster. The hash is a credential
# for the rootdn, so this file should be readable only by the account slapd
# runs as (the same applies to the slapd.d directory after conversion).
rootpw          {SSHA}<removed>

index           objectClass,uidNumber,gidNumber                 eq
index           cn,sn,uid,displayName                           pres,sub,eq
index           memberUid,mail,givenname                        eq,subinitial
index           sambaSID,sambaPrimaryGroupSID,sambaDomainName   eq

# Both TLS directives are commented out and no other TLS setting appears in
# this listing, so as shown slapd does not protect simple binds or password
# writes in transit.
# NOTE(review): confirm whether TLS is provided some other way; if not, enable
# these before clients bind over an untrusted network.
# TLSCertificateFile /etc/openldap/cacerts/ldap.cert
# TLSCertificateKeyFile /etc/openldap/cacerts/ldap.key


# Rule 1: password attributes. sambaLMPassword and sambaNTPassword are
# password-equivalent hashes, so they are restricted like userPassword:
# the owner may write, anonymous may only use them to authenticate, and
# everyone else gets nothing.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
        by self write
        by anonymous auth
        by * none
# Rule 2: catch-all. slapd applies the first access directive whose <what>
# matches and stops there; "to *" matches every entry and attribute, so none
# of the access directives after this one is ever consulted. As listed, the
# effective policy is: rule 1 for the three password attributes, and read
# access for everybody (anonymous included) to everything else.
# NOTE(review): the service-account write grants and the "by * none" defaults
# below therefore have no effect; writes by those accounts can only succeed
# if they bind as the rootdn. If the later rules are the intended policy, this
# directive has to go (or move to the end), and the resulting olcAccess order
# should be re-checked after converting to cn=config.
access to *
        by * read

# Unreachable because of rule 2. Intended to let the samba, smbldap-tools and
# nssldap service accounts write the password attributes and password-age
# attributes.
access to
attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdMustChange
        by dn="cn=samba,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
        by dn="cn=smbldap-tools,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" 
write
        by dn="cn=nssldap,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
        by self write
        by anonymous auth
        by * none
# Unreachable because of rule 2. POSIX account attributes: writable by the
# two service accounts, readable by everyone.
access to
attrs=objectClass,entry,homeDirectory,uid,uidNumber,gidNumber,memberUid
        by dn="cn=samba,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
        by dn="cn=smbldap-tools,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" 
write
        by * read
# Unreachable because of rule 2. Descriptive attributes: writable by the
# service accounts and by the entry's owner, readable by everyone.
access to
attrs=description,telephoneNumber,roomNumber,homePhone,loginShell,gecos,cn,sn,givenname
        by dn="cn=samba,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
        by dn="cn=smbldap-tools,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" 
write
        by self write
        by * read
# Unreachable because of rule 2. Samba account attributes.
# NOTE(review): this rule ends in "by * read" and its list includes
# sambaPasswordHistory, which is not covered by any earlier rule; that
# attribute holds material derived from previous passwords and would be better
# grouped with the password attributes in rule 1. The password hashes named
# here are already matched by rule 1 and never reach this rule.
access to
attrs=cn,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaLogonTime,sambaLogoffTime,sambaKickoffTime,sambaPwdCanChange,sambaPwdMustChange,sambaAcctFlags,displayName,sambaHomePath,sambaHomeDrive,sambaLogonScript,sambaProfilePath,description,sambaUserWorkstations,sambaPrimaryGroupSID,sambaDomainName,sambaMungedDial,sambaBadPasswordCount,sambaBadPasswordTime,sambaPasswordHistory,sambaLogonHours,sambaSID,sambaSIDList,sambaTrustFlags,sambaGroupType,sambaNextRid,sambaNextGroupRid,sambaNextUserRid,sambaAlgorithmicRidBase,sambaShareName,sambaOptionName,sambaBoolOption,sambaIntegerOption,sambaStringOption,sambaStringListoption
        by dn="cn=samba,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
        by dn="cn=smbldap-tools,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" 
write
        by self write
        by * read
# Unreachable because of rule 2. The five rules below give the two service
# accounts write access to the suffix entry and to the Users, Groups and
# Computers containers, and deny everyone else.
access to dn.base="dc=bordengrammar,dc=kent,dc=sch,dc=uk"
        by dn="cn=samba,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
        by dn="cn=smbldap-tools,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" 
write
        by * none
access to dn="ou=Users,dc=bordengrammar,dc=kent,dc=sch,dc=uk"
        by dn="cn=samba,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
        by dn="cn=smbldap-tools,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" 
write
        by * none
access to dn="ou=Groups,dc=bordengrammar,dc=kent,dc=sch,dc=uk"
        by dn="cn=samba,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
        by dn="cn=smbldap-tools,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" 
write
        by * none
access to dn="ou=Computers,dc=bordengrammar,dc=kent,dc=sch,dc=uk"
        by dn="cn=samba,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
        by dn="cn=smbldap-tools,ou=DSA,dc=bordengrammar,dc=kent,dc=sch,dc=uk" 
write
        by * none
# Unreachable because of rule 2. Written as the closing default: read for the
# slapmaster account and for the entry's owner, nothing for anyone else.
access to *
        by dn="cn=slapmaster,ou=Users,dc=bordengrammar,dc=kent,dc=sch,dc=uk" 
read
        by self read
        by * none



