published on

openldap upgrade

We use LDAP for a few things at $JOB, and I do my best to take care of them and keep them up to date.

As I get more surly and burnt by the bleeding edge, I have started to adopt the no-frivolous upgrade policy.

With that, one of our LDAP nodes was running a little sluggish. I have our ldap service load-balanced, so it was easy to direct all queries on one while I took some time to investigate why one (a VM no less) was running so slow.

root@ext-auth-west1:~ # /usr/local/libexec/slapd -T test
5461524d bdb(dc=ext-auth,dc=bayphoto,dc=com): BDB1538 Program version 5.3 doesn't match environment version 4.6
5461524d hdb_db_open: database "dc=ext-auth,dc=bayphoto,dc=com" cannot be opened, err -30969. Restore from backup!
5461524d backend_startup_one (type=hdb, suffix="dc=ext-auth,dc=bayphoto,dc=com"): bi_db_open failed! (-30969)
slap_startup failed (test would succeed using the -u switch)

Oh no! What a dire situration!

I was glad I took the proper steps by rolling this out into production, and then took the first two steps any reasonable sysadmin would do:

  1. Google the error
  2. Take a backup

I came across a few obscure posts, and the most helpful one had all of the necessary steps, but was in Russian…

The steps were accurate, but the why behind it all was lacking.

Lets break it down.

First, your db files are in the 4.x format. You have checkpoint your current files with the -1 flag. What does that do?

{% blockquote %} -1

Force a single checkpoint of the log (regardless of whether or not there has been activity since the last checkpoint), and then exit.

When the -1 flag is specified, the db_checkpoint utility will checkpoint the log even if unable to find an existing database environment. This functionality is useful when upgrading database environments from one version of Berkeley DB to another. {% endblockquote %}

root@ext-auth-west1:/data/db/ldap-data # db_checkpoint-4.6 -1
root@ext-auth-west1:/data/db/ldap-data # db_recover-4.6 
root@ext-auth-west1:/data/db/ldap-data # db_upgrade-5.3 -v *.bdb
BDB5019 db_upgrade-5.3: cn.bdb upgraded successfully
BDB5019 db_upgrade-5.3: displayName.bdb upgraded successfully
BDB5019 db_upgrade-5.3: dn2id.bdb upgraded successfully
BDB5019 db_upgrade-5.3: entryCSN.bdb upgraded successfully
BDB5019 db_upgrade-5.3: entryUUID.bdb upgraded successfully
BDB5019 db_upgrade-5.3: gidNumber.bdb upgraded successfully
BDB5019 db_upgrade-5.3: givenName.bdb upgraded successfully
BDB5019 db_upgrade-5.3: id2entry.bdb upgraded successfully
BDB5019 db_upgrade-5.3: mail.bdb upgraded successfully
BDB5019 db_upgrade-5.3: memberUid.bdb upgraded successfully
BDB5019 db_upgrade-5.3: objectClass.bdb upgraded successfully
BDB5019 db_upgrade-5.3: ou.bdb upgraded successfully
BDB5019 db_upgrade-5.3: sambaDomainName.bdb upgraded successfully
BDB5019 db_upgrade-5.3: sambaPrimaryGroupSID.bdb upgraded successfully
BDB5019 db_upgrade-5.3: sambaSID.bdb upgraded successfully
BDB5019 db_upgrade-5.3: sn.bdb upgraded successfully
BDB5019 db_upgrade-5.3: uid.bdb upgraded successfully
BDB5019 db_upgrade-5.3: uidNumber.bdb upgraded successfully
BDB5019 db_upgrade-5.3: uniqueMember.bdb upgraded successfully