- 1 upgrading
- 2 slapadd
- 3 restricting access
- 4 base64 decode
export tree to ldif file
Export the data using the tools from the old version.
When slapd is not running:
> slapcat > data.ldif
When slapd is running (much slower):
> ldapsearch -x -LLL -z 0 -D "$dn" -W -b "$basedn" 'objectClass=*' '*' > data.ldif
Where $dn is the admin's DN and $basedn is the directory root.
Import the data using tools from the new version.
When slapd is not running (various examples):
# slapadd -f <ldap_config> -l <ldif_file> -b <basedn>
# slapadd -l data.ldif -b o=anarchy
To make slapadd much faster:
# Just use this setting when doing slapadd...
set_flags DB_TXN_NOSYNC
set_flags DB_TXN_NOT_DURABLE
By default, slapd is wide open, allowing anyone to search it. Be careful with the ACLs, restrict access to SSL, and only allow certain hosts to connect. There are many ways to restrict which hosts may connect. Here is the super easy way, using TCP wrappers (these lines go in /etc/hosts.allow and require slapd to be built with TCP wrappers support):
slapd: allow.me.org 192.168.0.1 127.0.0.1
slapd: ALL : DENY
Entries in LDIF format are often base64 encoded. How do you read them? Decode them:
echo "c2VjcmV0" | perl -MMIME::Base64 -ne 'print decode_base64($_) . "\n"'
Executing this command prints “secret” followed by a newline.
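An export usually holds many such values, each marked by a double colon (`attr:: value`) and sometimes folded across lines. The script below is an added example, not part of the original page, that decodes all of them in one pass. It assumes a `base64` utility that accepts `-d`; the function names and the sample entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode every base64 ("attr:: value") line of an LDIF export.
# Assumes a base64 utility that accepts -d (GNU coreutils, BusyBox).

# Constructed sample entry; o=anarchy is the base DN used on this page.
sample_ldif() {
    cat <<'EOF'
dn: cn=test,o=anarchy
cn: test
userPassword:: c2VjcmV0
description:: Zm9sZGVkIHZh
 bHVl
EOF
}

# Read LDIF on stdin, write it to stdout with "::" values decoded.
ldif_decode() {
    # LDIF folds long lines: a line starting with one space continues
    # the previous line, so unfold before looking at the separator.
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (NR > 1) print buf; buf = $0 }
        END { if (NR > 0) print buf }
    ' | while IFS= read -r line; do
        attr=${line%%:*}    # text before the first colon
        rest=${line#*:}     # text after the first colon
        case $rest in
            :*)             # a second colon means the value is base64
                value=${rest#:}
                value=${value# }
                decoded=$(printf '%s' "$value" | base64 -d 2>/dev/null) ||
                    decoded='<invalid base64>'
                printf '%s: %s\n' "$attr" "$decoded"
                ;;
            *)  printf '%s\n' "$line" ;;
        esac
    done
}

sample_ldif | ldif_decode
```

Base64 is an encoding, not protection: anyone who can read data.ldif can read the values in it, so give the export file the same access restrictions as the directory itself.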