Author: Peter Duffy
Date:  
To: dng
Subject: Re: [DNG] daedalus upgrade
Thanks for the notes and for the link. The lack of slapd isn't a major
problem - the contact list which it served was for a group of which I'm
no longer a member (it's just a pain that evolution wibbles because it
can't contact slapd). I will fix it when I feel that I've got enough
gumption.

(I used to be fairly good at LDAP, but that was quite a few years ago.
At one point, the ISP for which I worked decided to switch to LDAP for
their authentication directory, and I drew the short straw. So I went
from knowing nothing about LDAP to managing +50 LDAP servers in about 3
weeks. That was fun :( The scary thing is that the L in LDAP stands
for "lightweight", and previously there was DAP, which was so complex
that not even the developers could manage it.)


On Tue, 2025-09-09 at 11:15 +1000, Tom via Dng wrote:
> On 9/9/2025 00:01, Peter Duffy wrote:
> > Hi,
> >
> > One thing that's broken is slapd (the openLDAP server). I've found the
> > underlying reason: apparently bookworm moved to openLDAP 2.5, in which
> > the old bdb backend was removed. My own LDAP directory is in bdb
> > format. The 2.5 upgrade backs up the settings and directories to LDIF
> > files, and then tries to re-import them after the upgrade. However, if
> > there's a bdb format directory, the reload fails because slapd can't
> > find the bdb module and won't start. Presumably, there should be a
> > stage where the config files are changed to remove the requirement for
> > the bdb module, but this has been missed. Again - if anyone's hit this
> > and found a fix, I'd be really grateful to hear about it. (It's not a
> > big deal, as the actual directory isn't really needed any more. I think
> > I can probably fix it by playing around with it manually - it'll just
> > take time: if I do manage to fix it, I'll report back.)
>
> I was in a similar situation, delaying a chimaera->daedalus upgrade
> because of openldap migration to 2.5. In my case the problem was with an
> existing ppolicy schema that is now included with openldap.  I was
> already using mdb so I don't have the exact same problem.
>
> The general gist of it was:
> - run dist-upgrade.
> - slapd upgrade fails and slapd service is stopped.
> - edit a copy of latest database cn=config backup taken by package
> maintainer scripts under /var/backups/slapd-<version>/ to remove the old
> ppolicy schema definition.
> - re-add databases with slapadd.
> - don't forget to chown relevant directories (/etc/ldap/slapd.d and
> /var/lib/ldap) to openldap:openldap user/group as running slapadd from
> root will add all the files with root owner.
>
> The post at
> https://discourse.ubuntu.com/t/service-migrating-from-openldap-2-4-x-to-2-5-x/23807
> has a good overview on the steps for migrating from bdb to mdb.  It's
> using cn=config so you may need to adjust accordingly if you are still
> using slapd.conf.
>
> The README.Debian.gz in 2.5.13+dfsg-5 also has some steps outlined for
> migrating with cn=config.
>
> Tom
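
Two of the manual steps in the quoted procedure (removing the old ppolicy schema entry from a copy of the cn=config backup, and checking ownership after a root-run slapadd), as an added example that is not part of either message. The DN pattern, the sample LDIF and the function names are assumptions made for illustration.

```python
import os
import re

# Constructed sample of a cn=config backup (DNs, indexes and values are illustrative).
SAMPLE_LDIF = """\
dn: cn={0}core,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {0}core

dn: cn={1}ppolicy,cn=schema,
 cn=config
objectClass: olcSchemaConfig
cn: {1}ppolicy

dn: olcDatabase={1}mdb,cn=config
objectClass: olcMdbConfig
olcDatabase: {1}mdb
"""

# Assumed DN shape of the old, locally loaded ppolicy schema entry.
PPOLICY_DN = re.compile(r"cn=(\{\d+\})?ppolicy,cn=schema,cn=config", re.I)

def entry_dn(block):
    """Return an entry's DN, joining LDIF folded lines (newline + one space)."""
    for line in block.replace("\n ", "").splitlines():
        if line.lower().startswith("dn: "):
            return line[4:].strip()
    return None  # version line, comment block, or base64 "dn::" (not handled here)

def drop_ppolicy_schema(ldif_text):
    """Return (filtered LDIF, DNs removed); every other entry is kept verbatim."""
    kept, dropped = [], []
    for block in re.split(r"\n[ \t]*\n", ldif_text.strip()):
        dn = entry_dn(block)
        if dn and PPOLICY_DN.fullmatch(dn):
            dropped.append(dn)
        else:
            kept.append(block)
    return "\n\n".join(kept) + "\n", dropped

def wrong_owner(root, uid, gid):
    """List paths under root not owned by uid:gid, e.g. left as root by slapadd."""
    bad = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if (st.st_uid, st.st_gid) != (uid, gid):
                bad.append(path)
    return bad
```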