-1

I upgraded my Ubuntu server from 12.04 to 14.04 using the standard do-release-upgrade.

After the upgrade I found that my OpenLDAP directory data had been purged. This is an unexpected outcome of an upgrade. I don't think that many people expect data on a server to be purged or wiped as part of a standard upgrade process.

But someone must have thought of it as unavoidable and necessary, otherwise it would not be part of the upgrade. The question now is whether this person or persons also thought about restore of data following this unexpected purge of data.

I can't find any information. How do I restore this data? Is this data still available somewhere on the server for easy restore?

The installation looks broken now, for example when I try:

ostraaten@ubuntu:~$ sudo dpkg-reconfigure slapd
[sudo] password for ostraaten: 
/usr/sbin/dpkg-reconfigure: slapd is broken or not fully installed
onknows
  • The question why data is purged as part of an upgrade is also intriguing. If anyone knows, I would like to know as well. – onknows Dec 21 '14 at 11:39
  • Is the data purged or did the upgrader merely point to a different location for the data? Do you have a backup? If not, why? – Sven Dec 21 '14 at 12:01
  • I'm not sure what happened but the installation looks broken now. I have a backup but I would rather not do a complete reinstall of OpenLDAP. – onknows Dec 22 '14 at 10:42

1 Answer

0

I fixed this issue as follows: Complete removal of OpenLDAP using

sudo service slapd stop
sudo apt-get -y remove --purge slapd
sudo rm -rf /var/lib/ldap
sudo rm -rf /etc/ldap/
sudo apt-get -y remove --purge ldap-utils

Install + restore of backup using a script similar to

#!/bin/bash
# 
set -x #echo on
export LC_ALL=en_US.UTF-8 
export DEBIAN_FRONTEND=noninteractive
echo -e " \
slapd slapd/internal/generated_adminpw password ******
slapd slapd/password2 password ******
slapd slapd/internal/adminpw password ******
slapd slapd/password1 password ******
slapd slapd/allow_ldap_v2 boolean false
slapd slapd/move_old_database boolean true
slapd slapd/dump_database_destdir string /var/backups/slapd-VERSION
slapd slapd/domain string mydomain.com
slapd slapd/dump_database select when needed
slapd slapd/invalid_config boolean true
slapd slapd/no_configuration boolean false
slapd shared/organization string MyDomain.com
slapd slapd/backend select HDB
slapd slapd/purge_database boolean true
slapd slapd/upgrade_slapcat_failure error   
slapd slapd/password_mismatch note" | sudo debconf-set-selections
sudo apt-get install -y slapd ldap-utils
sudo usermod -a -G openldap user # add user user to openldap group
sudo service slapd status
sudo service slapd start
sudo slapcat

# change root-pw (write with > so a re-run does not append a duplicate record)
cat <<EOT > /home/ostraaten/1-olc-root-pw.ldif
dn: olcDatabase={1}hdb,cn=config
replace: olcRootPW
olcRootPW: {SSHA}******
EOT
sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f /home/ostraaten/1-olc-root-pw.ldif
ldapwhoami -vvv -h localhost -p 389  -D cn=admin,dc=mydomain,dc=com -x -w ******

# add memberof attribute
cat <<EOT > 2-overlay.ldif
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib/ldap
olcModuleLoad: memberof

dn: olcOverlay=memberof,olcDatabase={1}hdb,cn=config
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
olcOverlay: memberof
olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf
EOT
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f 2-overlay.ldif

# create schema using backup ldif
cat <<EOT > 3-ok.ldif
dn: ou=people,dc=mydomain,dc=com
objectClass: organizationalUnit
objectClass: top
ou: people

dn: ou=groups,dc=mydomain,dc=com
objectClass: organizationalUnit
objectClass: top
ou: groups

# etc etc
EOT
ldapadd -h localhost -p 389 -D cn=admin,dc=mydomain,dc=com -w ****** -f 3-ok.ldif
onknows
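
A way to confirm that a restore like the one in the answer above brought back every entry, as an added example that is not part of the original post: it compares the entry DNs in the backup LDIF against a dump of the restored directory (in practice the output of `sudo slapcat` saved to a file). The function names `ldif_dns`, `missing_dns` and `demo` and the sample entries are hypothetical.

```bash
#!/bin/bash
# Added example (not from the original post); sample entries are constructed.

# Print one normalised DN per line for each entry in an LDIF file.
# Handles folded lines (continuation starts with a space) and base64 "dn::".
# Normalisation (lower-case, no spaces around commas) is a simplification.
ldif_dns() {
    awk '
        /^ /   { if (in_dn) buf = buf substr($0, 2); next }  # unfold
               { if (in_dn) print buf; in_dn = 0 }
        /^dn:/ { buf = $0; in_dn = 1 }
        END    { if (in_dn) print buf }
    ' "$1" | while IFS= read -r line; do
        case "$line" in
            dn::*) v=${line#dn::}; printf '%s' "${v# }" | base64 -d; echo ;;
            dn:*)  v=${line#dn:};  printf '%s\n' "${v# }" ;;
        esac
    done | tr '[:upper:]' '[:lower:]' | sed 's/ *, */,/g; s/ *$//' | LC_ALL=C sort -u
}

# DNs present in the backup ($1) but absent from the restored dump ($2).
missing_dns() {
    restored=$(mktemp) || return 1
    ldif_dns "$2" > "$restored"
    ldif_dns "$1" | LC_ALL=C comm -23 - "$restored"
    rm -f "$restored"
}

# Constructed sample: the "restored" dump lacks ou=groups and its child entry.
demo() {
    d=$(mktemp -d) || return 1
    {
        printf 'dn: dc=mydomain,dc=com\nobjectClass: top\n\n'
        printf 'dn: ou=people,dc=mydomain,dc=com\nou: people\n\n'
        printf 'dn: ou=groups,dc=mydomain,dc=com\nou: groups\n\n'
        printf 'dn: uid=alice,ou=people,dc=mydomain,\n dc=com\nuid: alice\n\n'
        printf 'dn:: %s\ncn: admins\n' \
            "$(printf '%s' 'cn=admins,ou=groups,dc=mydomain,dc=com' | base64)"
    } > "$d/backup.ldif"
    {
        printf 'dn: dc=mydomain,dc=com\nobjectClass: top\n\n'
        printf 'dn: OU=People, dc=mydomain,dc=com\nou: people\n\n'
        printf 'dn: uid=alice,ou=people,dc=mydomain,dc=com\nuid: alice\n'
    } > "$d/restored.ldif"
    missing_dns "$d/backup.ldif" "$d/restored.ldif"
    rm -rf "$d"
}

demo
```

Empty output from `missing_dns` means every DN in the backup is present in the restored dump; it compares DNs only, not attribute values.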