I have a working centos6 setup with openldap, bind and bind-dyndb-ldap, where ldap.so is just getting data from the ldap server in a 'read only' mode.
I am now adding a centos7 environment with openldap-2.4.44-21, bind-9.9.4-74 and bind-dyndb-ldap-11.1-4, and I am running into several issues. I wondered if there is a specific upgrade manual only for this and not ipa related stuff?
What I have so far:
(1). sync replication is necessary on the slapd. Enable with adding to slapd:

    dn: cn=module{0},cn=config
    changetype: modify
    replace: olcModuleLoad
    olcModuleLoad: syncprov.la

    dn: olcOverlay=syncprov,olcDatabase={2}mdb,cn=config
    changetype: add
    objectClass: olcOverlayConfig
    objectClass: olcSyncProvConfig
    olcOverlay: syncprov
    olcSpNoPresent: TRUE
    olcSpCheckpoint: 100 10
    olcSpSessionlog: 100

(solves error: LDAP error: Critical extension is unavailable: critical control unavailable in context: unable to start SyncRepl session: is RFC 4533 supported by LDAP server?)
(2). It looks like I need to update the schema of 2.3.8 (because I do not see there the idnsConfigObject). Is there some ldif that updates the 2.3.8 schema, only for use with bind (nothing ipa related)?
(3). I guess I am missing this one? Or is there a more basic one? https://pagure.io/freeipa/blob/master/f/install/share/dns.ldif
error: LDAP error: No such object: unable to start SyncRepl session
(4) Should I get worried about some new layout issues? https://docs.pagure.org/bind-dyndb-ldap/LDAPSchema.html
I have now something like this:

    version: 1

    dn: idnsName=domain.tld,ou=Services,dc=example,dc=local
    objectClass: idnsZone
    objectClass: idnsRecord
    objectClass: AdditionalInfo
    objectClass: top
    aRecord: x.x.x.223
    dNSTTL: 300
    idnsName: domain.tld
    idnsSOAexpire: 1209600
    idnsSOAminimum: 86400
    idnsSOAmName: ns1.example.nl
    idnsSOArefresh: 1800
    idnsSOAretry: 900
    idnsSOArName: hostmaster
    idnsSOAserial: 2013010101
    idnsZoneActive: TRUE
    mXRecord: 50 mail.domain.tld.
    nSRecord: ns1.example.nl.
    nSRecord: ns2.example.nl.
    o: example

    dn: idnsName=www,idnsName=domain.tld,ou=Services,dc=example,dc=local
    objectClass: idnsRecord
    objectClass: top
    aRecord: x.x.x.223
    dNSTTL: 300
    idnsName: www

    dn: idnsName=webmail,idnsName=domain.tld,ou=Services,dc=example,dc=local
    objectClass: idnsRecord
    objectClass: top
    cNAMERecord: webmail.example.eu.
    dNSTTL: 300
    idnsName: webmail

....
openldap-servers-2.4.23-34.el6_5.1.x86_64
bind-dyndb-ldap-2.3-8.el6.x86_64
bind-9.8.2-0.68.rc1.el6_10.1.x86_64
I don't think there are any instructions on how to set it up against OpenLDAP (or anything else different from FreeIPA), so you are on your own here. Thanks for figuring out the missing pieces. The latest schema is https://pagure.io/bind-dyndb-ldap/blob/master/f/doc/schema.ldif
https://docs.pagure.org/bind-dyndb-ldap/LDAPSchema.html is what the current bind-dyndb-ldap version implements, so if you are migrating from an older version, you have to use the new layout.
As to the tree upgrade, I thought we had something in FreeIPA around the time the new tree layout was introduced, but I cannot find it on the spot and I'm on vacation now, with limited git foo. You might want to search in FreeIPA git commits...