export tree to ldif file

Export the data using the tools from the old version.

when slapd is not running:

 > slapcat > data.ldif

when slapd is running (much slower):

 > ldapsearch -x -LLL -z 0 -D "$dn" -W -b "$basedn" 'objectClass=*' '*' > data.ldif
Where $dn is the admin's dn, $basedn is the directory root

import tree

Import the data using tools from the new version.

When slapd is not running (various examples):

  # slapadd -f <ldap_config> -l <ldif_file> -b <basedn>
  # slapadd -l data.ldif -b o=anarchy


To make slapadd much faster:


# Just use this setting when doing slapadd...
set_flags DB_TXN_NOSYNC

restricting access

By default, slapd is wide open allowing anyone to search it. You should be careful with the ACL, restrict access to ssl, and only allow certain hosts to connect. There are many ways to restrict which hosts may connect. Here is the super easy way:




 slapd: ALL : DENY

base64 decode

Entries in LDIF format are often base64 encoded. How do you read them? Decode them:


userPassword:: c2VjcmV0


echo "c2VjcmV0" | perl -MMIME::Base64 -ne 'print decode_base64($_) . "\n"'

Executing this command prints “secret” followed by a newline.