Migration of OpenLDAP database backend from BDB to MDB

Knowledge Base Supported
, ,
#1

The memory mapped database (MDB) is the default backend for OpenLDAP for new UCS installations since UCS 4.0.

Up until version 5.0 the old Berkeley DB (BDB) database backend was also supported by UCS. This support for BDB ends with UCS 5.2, BDB for OpenLDAP will not be supported or possible with UCS 5.2.

This means every UCS Directory Node with OpenLDAP (Primary, Backup and Replica) still using BDB as OpenLDAP backend has to be migrated to MDB for OpenLDAP before the update to UCS 5.2 is possible.

Manual migration:

To migrate OpenLDAP to MDB, follow the steps below:

  • Login to the server as user root via console or SSH.
  • Check disk space (we recommend at least 10 times the current size of the OpenLDAP database of free disk space during migration). You can check the current size of OpenLDAP with:
    du -sh /var/lib/univention-ldap/ldap/
  • Check that the value of the UCR variable ldap/database/mdb/maxsize (by default 4295000000 bytes, so nearly 4GiB) is at least 3 times bigger then the current size of the BDB database (for future growth).
  • Perform the migration using the following commands:
    service slapd stop
slapcat -l /var/lib/univention-ldap/database.ldif
mkdir /var/lib/univention-ldap/ldap.BACKUP
mv /var/lib/univention-ldap/ldap/* /var/lib/univention-ldap/ldap.BACKUP
ucr set ldap/database/type=mdb
slapadd -l /var/lib/univention-ldap/database.ldif
service slapd start
  • Check that the migration was successful with:
    root@ucs:~# univention-ldapsearch -b "$(ucr get ldap/hostdn)"  1.1
# extended LDIF
#
# LDAPv3
# base <cn=server,cn=dc,cn=computers,dc=ucs,dc=domain> with scope subtree
# filter: (objectclass=*)
# requesting: 1.1 
#

# server, dc, computers, ucs.domain
dn: cn=server,cn=dc,cn=computers,dc=ucs,dc=domain

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1

Automatic migration:

  • After release of UCS 5.2-0 you can download the script as file check.sh, for example by using wget.
  • Execute it as the user root: sudo bash check.sh migrate_openldap_bdb

Roll-back in case of an error:

In case of a problem during or after the migration, you can roll-back to the “old” database by:

service slapd stop
rm /var/lib/univention-ldap/ldap/*
cp /var/lib/univention-ldap/ldap.BACKUP/* /var/lib/univention-ldap/ldap/
ucr commit /var/lib/univention-ldap/ldap/DB_CONFIG
ucr set ldap/database/type=bdb
service slapd start
1 Like
#2
#3
Mastodon