I don't have anything on the old server from the actual config files ...

---------- :: olcDatabase={1}hdb.ldif

# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 93f87e7c
dn: olcDatabase={1}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: ou=people,o=emich.edu
olcAccess: {0}to attrs=userPassword by self write by * auth
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to attrs=userPKCS12 by self read by * none
olcAccess: {3}to * by * read
olcRootDN: cn=Administrator,ou=people,o=emich.edu
olcDbCacheSize: 10000
olcDbCheckpoint: 1024 5
olcDbConfig: {0}set_cachesize 0 15000000 1
olcDbConfig: {1}set_lg_regionmax 262144
olcDbConfig: {2}set_lg_bsize 2097152
olcDbConfig: {3}set_flags DB_LOG_AUTOREMOVE
olcDbConfig: {4}set_lk_max_locks 30000
olcDbConfig: {5}set_lk_max_objects 30000
olcDbIDLcacheSize: 30000
olcDbIndex: objectclass eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: member eq
olcDbIndex: memberUid eq
olcDbIndex: mail eq
olcDbIndex: cn eq,sub
olcDbIndex: displayName eq,sub
olcDbIndex: uid eq,sub
olcDbIndex: sn eq,sub
olcDbIndex: givenName eq,sub
structuralObjectClass: olcHdbConfig
entryUUID: b3baae2c-f8f6-1035-90eb-91daf978c9c3
creatorsName: cn=config
createTimestamp: 20160817184650Z
olcRootPW:: notapassword
entryCSN: 20160919185226.957088Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20160919185226Z


--------- :: olcDatabase={-1}frontend.ldif


# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 3a908355
dn: olcDatabase={-1}frontend
objectClass: olcDatabaseConfig
olcDatabase: {-1}frontend
olcAccess: {0}to dn.base="" by * read
olcAccess: {1}to dn.base="cn=Subschema" by * read
structuralObjectClass: olcDatabaseConfig
entryUUID: b3baa54e-f8f6-1035-90e9-91daf978c9c3
creatorsName: cn=config
createTimestamp: 20160817184650Z
entryCSN: 20160817184650.166168Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20160817184650Z


Thanks,
Matt




On Tue, Feb 7, 2023 at 3:15 PM Quanah Gibson-Mount <[email protected]>
wrote:

>
>
> --On Tuesday, February 7, 2023 10:55 AM -0500 Matthew Goebel
> <[email protected]> wrote:
>
> > dn: olcDatabase=mdb,cn=config
> >
> > objectClass: olcDatabaseConfig
> >
> > objectClass: olcMdbConfig
> >
> > olcDatabase: mdb
> >
> > olcDbMaxSize: 1073741824
> >
> > olcSuffix: dc=my-domain,dc=com
> >
> > olcRootDN: cn=Manager,dc=my-domain,dc=com
> >
> ># Cleartext passwords, especially for the rootdn, should
> >
> ># be avoided.  See slappasswd(8) and slapd-config(5) for details.
> >
> ># Use of strong authentication encouraged.
> >
> > olcRootPW: PASSWORDNOTHERE
> >
> ># The database directory MUST exist prior to running slapd AND
> >
> ># should only be accessible by the slapd and slap tools.
> >
> ># Mode 700 recommended.
> >
> > olcDbDirectory: /usr/local/var/openldap-data
> >
> ># Indices to maintain
> >
> > olcDbIndex: objectClass eq
>
>
> You should likely delete the above database definition, unless you really
> have a "dc=my-domain,dc=com" that you're serving.  This just looks like
> the
> default one that's created by RH as an example.  Note that this db doesn't
> allow any access either. ;)
>
>
>
>
> > dn: olcDatabase=mdb,cn=config
> >
> > objectClass: olcDatabaseConfig
> >
> > objectClass: olcMdbConfig
> >
> > olcDatabase: mdb
> >
> > olcDbDirectory: /var/lib/ldap
> >
> > olcSuffix: ou=people,o=emich.edu
> >
> > olcAccess: {0}to attrs=userPassword by self write by * auth
>
> This should most likely be "by self write by anonymous auth by * none"
>
> > olcAccess: {1}to attrs=shadowLastChange by self write by * read
> >
> > olcAccess: {2}to attrs=userPKCS12 by self read by * none
> >
> > olcAccess: {3}to * by * read
>
>
> I'm curious what your ACL definitions were for your 2.4 config (all ACLs
> including global).
>
>
>
>
> ># olcDbConfig: {0}set_cachesize 0 15000000 1
> >
> ># olcDbConfig: {1}set_lg_regionmax 262144
> >
> ># olcDbConfig: {2}set_lg_bsize 2097152
> >
> ># olcDbConfig: {3}set_flags DB_LOG_AUTOREMOVE
> >
> ># olcDbConfig: {4}set_lk_max_locks 30000
> >
> ># olcDbConfig: {5}set_lk_max_objects 30000
>
>
> Delete the above 'olcDbConfig' lines.  Those were for back-bdb/hdb which
> doesn't exist in 2.5+
>
>
>

-- 
Matthew Goebel : m <[email protected]>[email protected] : Unix Jockey
@ EMU : Hail Eris
Neo-Student, Net Lurker, Donut consumer, and procrastinating medher...
 "Always with the negative waves, Moriarty" - Oddball
 "Comfort the troubled, and trouble the comfortable." - Dietrich Bonhoeffer
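
The points raised in the quoted reply, as an added example (not part of the original message and not OpenLDAP project code): a small Python audit of a cn=config LDIF export that flags leftover back-bdb/hdb attributes, the shipped example suffix, a rootdn password without a hash scheme, and a userPassword ACL whose `by *` clause grants more than `none`. The function names, finding labels and sample text are constructed for illustration; olcDbCacheSize and olcDbIDLcacheSize are added here as further back-bdb/hdb attributes beyond the olcDbConfig lines the thread names.

```python
import base64, contextlib, re
# Constructed sample modelled on the entries quoted in this thread.
SAMPLE = """\
dn: olcDatabase=mdb,cn=config
olcSuffix: dc=my-domain,dc=com
olcRootPW: PASSWORDNOTHERE

dn: olcDatabase={1}mdb,cn=config
olcSuffix: ou=people,o=emich.edu
olcAccess: {0}to attrs=userPassword by self write by * auth
olcDbConfig: {0}set_cachesize 0 15000000 1
olcDbCacheSize: 10000
"""
# back-bdb/hdb-only attributes (olcDbConfig is from the thread, the rest added here)
HDB_ONLY = {"olcdbconfig", "olcdbcachesize", "olcdbidlcachesize"}
BY = re.compile(r"\bby\s+(\S+)\s+(\S+)")  # (who, access) pairs of an ACL

def entries(ldif):
    """Yield entries as [(attr, value)], unfolding lines and decoding 'attr::'."""
    for block in re.split(r"\n\s*\n", ldif.replace("\n ", "")):
        entry = []
        for line in block.splitlines():
            attr, sep, val = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if val.startswith(":"):  # base64-encoded value
                val = val[1:].strip()
                with contextlib.suppress(ValueError):  # redacted/damaged base64
                    val = base64.b64decode(val).decode("utf-8", "replace")
            entry.append((attr.strip(), val.strip()))
        yield entry

def audit(ldif):
    """Return (dn, finding, detail) tuples for the issues raised in the thread."""
    out = []
    for entry in entries(ldif):
        dn = next((v for a, v in entry if a.lower() == "dn"), "?")
        for attr, val in entry:
            a = attr.lower()
            if a in HDB_ONLY:
                out.append((dn, "hdb-only", attr))
            elif a == "olcsuffix" and val == "dc=my-domain,dc=com":
                out.append((dn, "example-db", val))
            elif a == "olcrootpw" and not val.startswith("{"):
                out.append((dn, "cleartext-rootpw", attr))
            elif a == "olcaccess" and "userpassword" in val.lower():
                if any(who == "*" and acc != "none" for who, acc in BY.findall(val)):
                    out.append((dn, "userpassword-acl", val))
    return out
```

Run `audit()` over the output of `slapcat -n 0` before loading it into a 2.5+ server; an empty list means none of these four conditions were found, not that the configuration is otherwise sound.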
