To transition to a new version of OpenLDAP, databases must be exported to LDAP Data Interchange Format (LDIF) and imported following the system upgrade.
Oracle Solaris packaging of OpenLDAP no longer provides support for the Berkeley DB (BDB) format static backends. Import data using the default Lightning Memory-Mapped Database (LMDB) format.
Use the svcs command to check the state of the openldap service. If the service is in any state other than disabled, disable it:
# svcadm disable ldap/server:openldap
# mkdir -p /var/share/openldap
# slapcat -l /var/share/openldap/data.ldif
See the slapcat(8oldap) man page for more information.
If the openldap service is in the maintenance state (if it was enabled at the time of system upgrade), disable the openldap service.
This step is not necessary if the system is using OLC, which stores data in the /etc/openldap/slapd.d directory.
Edit the /etc/openldap/slapd.conf file to update the following configuration. You might want to back up your existing slapd.conf file first.
TLSProtocolMin: Minimum protocol version. Make sure TLSProtocolMin is set to 3.2.
TLSProtocolMin 3.2
database: OpenLDAP database type. Make sure database is set to mdb.
database mdb
You might want to back up your existing database files first.
Do not remove the directory itself, which is owned by user and group openldap.
# rm -rf /var/openldap/openldap-data/*
As user openldap, use the slapadd command to import the LDIF data.
Execute the import from a directory that is accessible to the openldap user to prevent getcwd errors from slapadd.
# cd /tmp
$ su openldap -c "slapadd -l /var/share/openldap/data.ldif"
For more information, see the slapadd(8oldap) man page.
# svcadm enable ldap/server:openldap
# svcs ldap/server:openldap
If the service status is not online, check the service log file to troubleshoot.
# svcs -Lv ldap/server:openldap
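The following read-only pre-flight check is an added example, not part of the original procedure. Run before the old database files are removed, it confirms that slapd.conf carries the two settings described above and that the slapcat export actually contains entries. The function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only checks to run before deleting the old database files.

# Print the argument of every occurrence of a slapd.conf directive.
# Keywords are matched case-insensitively; commented-out lines do not match.
conf_values() {   # conf_values FILE DIRECTIVE
    awk -v d="$2" 'tolower($1) == tolower(d) { print $2 }' "$1"
}

# Check the two settings this procedure changes (last TLSProtocolMin line is used).
check_conf() {    # check_conf SLAPD_CONF
    conf_rc=0
    tls=$(conf_values "$1" TLSProtocolMin | tail -n 1)
    if [ "$tls" != "3.2" ]; then
        echo "TLSProtocolMin is '${tls:-unset}', expected 3.2" >&2; conf_rc=1
    fi
    for db in $(conf_values "$1" database); do
        case "$db" in   # bdb and hdb are the Berkeley DB backends
            bdb|hdb) echo "database $db must be changed to mdb" >&2; conf_rc=1 ;;
        esac
    done
    conf_values "$1" database | grep -qx mdb ||
        { echo "no 'database mdb' line found" >&2; conf_rc=1; }
    return $conf_rc
}

# Count entries in the slapcat export ("dn:" or base64 "dn::" lines).
ldif_entries() {  # ldif_entries LDIF
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c '^dn:' "$1" || true
}

# Succeed only if the config is ready and the export holds at least one entry.
preflight() {     # preflight SLAPD_CONF LDIF
    pre_rc=0
    check_conf "$1" || pre_rc=1
    [ "$(ldif_entries "$2")" -gt 0 ] ||
        { echo "$2 has no entries; keep the old database files" >&2; pre_rc=1; }
    return $pre_rc
}

# Constructed sample input (not from a real system).
demo=$(mktemp -d)
printf 'TLSProtocolMin 3.2\ndatabase mdb\nsuffix "dc=example,dc=com"\n' > "$demo/slapd.conf"
printf 'dn: dc=example,dc=com\nobjectClass: domain\ndc: example\n\n' > "$demo/data.ldif"
preflight "$demo/slapd.conf" "$demo/data.ldif" && echo "preflight passed"
rm -rf "$demo"
```

On a real system the call would be preflight /etc/openldap/slapd.conf /var/share/openldap/data.ldif, using the paths from the steps above.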