Migrating an OpenLDAP database with slapcat

I had to move openldap from one box to another, different version.

The slap* tools that come with openldap appear to access the files directly, while the ldap* tools in ldap-utils go through the LDAP server.

I started by exporting the old server to ldif with ‘slapcat -l oldserver.ldif’. Then copy this file to the new server.

Here were some problems. I couldn’t slapadd because some of this already existed. I ran ‘dpkg-reconfigure slapd’ to get the config file to match what was on the old server. In retrospect I could have just copied the old config, but I wanted to make sure there weren’t new config options that were needed. Reconfigure asks you what OU and DNS entries you want to use and creates a new database. Of course, this will have admin entries, so you’ll still have the above problem.

Stopped slapd. I went into /var/lib/ldap and removed all the files. Then used ‘slapadd -l oldserver.ldif’ to import the entries, which created a new database. Make sure all these files are owned by the user that slapd will run as (chown -R openldap.openldap /var/lib/ldap).

Now start slapd and see if it’s running. The init.d script on Debian etch was starting it, but it was closing with no errors. I changed the ‘loglevel’ line in /etc/ldap/slapd.conf to ‘511’ and restarted, seeing “bdb_db_open: alock package is unstable” in /var/log/syslog before slapd shut down. Somehow I had gotten this created in all my screwing around. I removed alock and log.* from /var/lib/ldap, double-checked the permissions which I think slapadd had also mangled at some point, and started the server. Came up fine now. Tested with ldapsearch -x -W -b ‘basedn’ where basedn is the basedn =P.

This helped me figure out some of the differences between slap* and ldap* and this made me realize that the “DB_KEYEXIST: Key/data pair already exists” error was because the administrative entry was already in the preconfigured database so I had to start from scratch.
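A preflight check for the database directory between slapadd and starting slapd, covering the ownership and leftover-file issues described above. This is an added example, not part of the original post; the function name `check_ldap_dir`, its output labels, and the check for files accessible to "other" are assumptions.

```shell
#!/bin/sh
# Added example: preflight check of the slapd database directory after an
# offline slapadd. Function name and output labels are assumptions.
#
# check_ldap_dir DIR USER
#   DIR   database directory (the post uses /var/lib/ldap)
#   USER  account slapd runs as (the post uses openldap); name or numeric uid
# Prints one finding per line. Returns 0 if clean, 1 on findings, 2 if DIR is missing.
check_ldap_dir() {
    dir=$1
    user=$2
    status=0

    if [ ! -d "$dir" ]; then
        echo "MISSING_DIR $dir"
        return 2
    fi

    # Files created by slapadd as root are root-owned; slapd running as USER must own them.
    wrong_owner=$(find "$dir" ! -user "$user" -print)
    if [ -n "$wrong_owner" ]; then
        echo "$wrong_owner" | sed 's/^/WRONG_OWNER /'
        status=1
    fi

    # The database may hold password hashes; flag files readable or writable by "other".
    world=$(find "$dir" -type f \( -perm -004 -o -perm -002 \) -print)
    if [ -n "$world" ]; then
        echo "$world" | sed 's/^/WORLD_ACCESS /'
        status=1
    fi

    # Informational only: the lock and log files the post removed.
    for f in "$dir"/alock "$dir"/log.*; do
        if [ -e "$f" ]; then
            echo "ENV_FILE $f"
        fi
    done

    return "$status"
}

# Run the check when called with arguments, e.g.:
#   sh check_ldap_dir.sh /var/lib/ldap openldap
if [ "$#" -eq 2 ]; then
    check_ldap_dir "$1" "$2"
fi
```

The same care applies to oldserver.ldif itself: slapcat exports every attribute, so the file should be readable only by the admin doing the migration and deleted once the import is verified.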
