On 2021-06-07 18:32:18 (+0800), Per olof Ljungmark wrote:
On 6/7/21 12:11 PM, Philip Paeps wrote:
On 2021-06-07 17:47:57 (+0800), Per olof Ljungmark wrote:
A bit urgent...
After updating to openldap-server 2.59 slapd refuses to start, how
can I revert to 2.57 with ports and git while troubleshooting the
update?
You're probably running into the same issue I ran into this weekend
when I upgraded the FreeBSD.org cluster's ldap-master.
The problem we had that openldap24-server since 2.4.58_2 wants to
build all overlays as modules. We use the syncprov module in our
configuration for replication. That by itself isn't too exciting
... except that we also store the configuration inside LDAP.
I rebuilt openldap24-server without DYNAMIC_MODULES and with
SYNCPROV. That didn't work either because we expect the mdb backend
to be loaded as a module. Second try: with DYNAMIC_BACKENDS,
without DYNAMIC_MODULES, with SYNCPROV. That worked.
Give that a go.
Meanwhile, if you have to downgrade, you can always do a pkg install
/var/db/pkg/openldap-version-that-worked.
Well thanks a lot! But then, why DYNAMIC_BACKENDS marked as
DEPRECATED?
Anyway, thanks again, saved my day.
As I understand it, DYNAMIC_BACKENDS predates DYNAMIC_MODULES and is a
subset of it. With DYNAMIC_BACKENDS, you only build the backends as
modules but you compile in the overlays. With DYNAMIC_MODULES, both the
backends and the overlays are built as modules.
Going from the configuration we (and possibly you?) have to
DYNAMIC_MODULES may be a little bit interesting though. To modify the
configuration to dynamically load the overlay, we'll have to be running
a slapd with the overlay statically built in. And we'll need to do this
a little bit carefully because the replicas also replicate the config.
For now I will keep DYNAMIC_BACKENDS but leave DYNAMIC_MODULES off.
It's a little ... disruptive ... when LDAP goes down. :)
Philip
--
Philip Paeps
Senior Reality Engineer
Alternative Enterprises
