OpenLdapCnConfigMigration

Differences between revisions 3 and 5 (spanning 2 versions)
Revision 3 as of 2008-05-30 23:05:06
Size: 3344
Editor: dsl-216-254-165-243
Comment:
Revision 5 as of 2008-06-26 01:24:59
Size: 3721
Editor: dsl-64-56-231-198
Comment:
Line 26: Line 26:

== Assumptions ==
 * Chris install the slapd package and can use the new cn=config tree to manage his LDAP tree using standard LDAP command tools.
 * Don upgrades his LDAP directory and can use LDAP queries and updates to change the ACLs of object in the directory.
 * Erwan installs an application that uses an ldap schema. After installing, the new features are automatically available in the LDAP directory.
Line 32: Line 33:
The new configuration backend in explained in the OpenLDAP administrator Guide: http://www.openldap.org/doc/admin24/slapdconf2.html
Line 39: Line 41:
A new installation will enable cn=config by default. ==== update common functions in slapd.scripts-common to support cn=config ====

slapd.scripts-common has functions that scan and extract information from slapd.conf. These functions should be modified to support cn=config as a backend (instead of slapd.conf).

==== new installation ====

new installation will enable cn=config by default. slapd.scripts-common functions responsible for generating a new configuration will have to be updated to create slapd.d/ and set the correct option in cn=config.

==== upgrades ====
Line 42: Line 52:
 1. Enable the config database using rootdn="cn=admin,cn=config" and the root password stored in debconf.  1. Enable the config database using rootdn="cn=admin,cn=config". The password will either be extracted from the existing database or the user will be prompted to enter a new one.
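Review bot: the new wording of step 1 leaves "extracted from the existing database" undefined. It does not say which database is used when slapd.conf declares more than one, what happens when that database has no password to extract, or whether the value is carried over as its stored hash. Suggest naming the source explicitly and stating that the prompt path also stores a hashed value, never the clear text.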
Line 44: Line 54:
 3. Rename the old slapd.conf to slapd.conf.bak.  3. Rename the old slapd.conf to slapd.conf.bak and update /etc/default/slapd to use the new cn=config backend.
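Review bot: in step 3, slapd.conf.bak still contains whatever credentials slapd.conf held, so the spec should require that the rename keeps the original owner and mode. It should also state that /etc/default/slapd is switched to the cn=config backend only after the conversion in step 2 has succeeded, so that a failed conversion leaves a working slapd.conf in place.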
Line 48: Line 58:
=== UI Changes === Here is an overview of the upgrade logic:
Line 50: Line 60:
## Should cover changes required to the UI, or specific UI that is required to implement this

=== Code Changes ===

## Code changes should include an overview of what needs to change, and in some cases even the specific details.

=== Migration ===

## Include:
## * data migration, if any
## * redirects from old URLs to new ones, if any
## * how users will be pointed to the new way of doing things, if necessary.

== Test/Demo Plan ==

## It's important that we are able to test new features, and demonstrate them to users. Use this section to describe a short plan that anybody can follow that demonstrates the feature is working. This can then be used during testing, and to show off after release.

## This need not be added or completed until the specification is nearing beta.
[inline:SlapdUpgradeProcedure.png]

Summary

OpenLDAP version 2.3 introduced a special DIT called cn=config that can be used to replace the slapd.conf file.

Release Note

Rationale

slapd.conf has certain drawbacks: adding schema files or creating new databases requires editing slapd.conf. Future versions of OpenLDAP will drop support for slapd.conf.

cn=config enables programmatic access to the slapd configuration, such as loading additional schemas.

Use Cases

  • Chris installs the slapd package and can use the new cn=config tree to manage his LDAP tree using standard LDAP command tools.
  • Don upgrades his LDAP directory and can use LDAP queries and updates to change the ACLs of objects in the directory.
  • Erwan installs an application that uses an LDAP schema. After installing, the new features are automatically available in the LDAP directory.

Design

The new configuration backend is explained in the OpenLDAP Administrator's Guide: http://www.openldap.org/doc/admin24/slapdconf2.html

Implementation

cn=config migration

update common functions in slapd.scripts-common to support cn=config

slapd.scripts-common has functions that scan and extract information from slapd.conf. These functions should be modified to support cn=config as a backend (instead of slapd.conf).

new installation

A new installation will enable cn=config by default. The slapd.scripts-common functions responsible for generating a new configuration will have to be updated to create slapd.d/ and set the correct option in cn=config.

upgrades

On upgrade, the postinst script will try to convert slapd.conf to cn=config:

  1. Enable the config database using rootdn="cn=admin,cn=config". The password will either be extracted from the existing database or the user will be prompted to enter a new one.
  2. Convert slapd.conf using the slapd -f and -F options.
  3. Rename the old slapd.conf to slapd.conf.bak and update /etc/default/slapd to use the new cn=config backend.
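
One way to implement step 1, added here as an example and not taken from slapd.scripts-common: it assumes the admin password is held as a `rootpw` directive in slapd.conf, and the function names `get_rootpw`, `config_db_stanza` and `write_sample_conf` are hypothetical. Treating a cleartext `rootpw` as "prompt for a new one" instead of copying it is this example's policy, not something the spec states.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from slapd.scripts-common.

# Print the rootpw of the database in slapd.conf ($1) whose suffix is $2.
# Status 1 = that database has no rootpw (e.g. the admin password is kept in
# the directory entry), so the caller has to prompt. Continuation lines and
# a rootpw placed before its suffix line are not handled.
get_rootpw() {
    awk -v want="$2" '
        function arg(   s) {                      # directive argument, unquoted
            s = $0; sub(/^[^ \t]+[ \t]+/, "", s); sub(/[ \t]+$/, "", s)
            gsub(/^"|"$/, "", s); return s
        }
        /^[ \t]*(#|$)/            { next }        # comments and blank lines
        tolower($1) == "database" { insec = 0; next }   # new section starts
        tolower($1) == "suffix"   { if (arg() == want) insec = 1; next }
        insec && tolower($1) == "rootpw" { print arg(); found = 1; exit }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Print the stanza that enables the config database (step 1 of the upgrade).
# Policy chosen for this example: a stored hash is carried over unchanged,
# a cleartext rootpw is not copied (status 2) and a new one is requested.
config_db_stanza() {
    pw=$(get_rootpw "$1" "$2") || return 1
    case "$pw" in
        \{*\}?*) ;;                               # {SCHEME}hash
        *) echo "rootpw for $2 is cleartext, prompting instead" >&2; return 2 ;;
    esac
    printf 'database config\nrootdn "cn=admin,cn=config"\nrootpw %s\n' "$pw"
}

# Constructed sample input: hashed, cleartext and missing rootpw.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed slapd.conf fragment
database bdb
suffix "dc=example,dc=com"
rootdn "cn=admin,dc=example,dc=com"
rootpw {SSHA}CONSTRUCTEDnotARealHash0000
database bdb
suffix "dc=test,dc=example"
rootpw secret
database bdb
suffix "dc=nopw,dc=example"
EOF
}
```

Status 1 and status 2 both lead to the "user will be prompted" branch of step 1; only status 0 reuses the existing value.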

[http://www.zytrax.com/books/ldap/ch6/slapd-config.html Chapter 6: OpenLDAP using cn=config - Converting to use cn=config]

Here is an overview of the upgrade logic:

[inline:SlapdUpgradeProcedure.png]

Outstanding Issues

BoF agenda and discussion


CategorySpec

OpenLdapCnConfigMigration (last edited 2008-08-06 16:36:04 by localhost)