summaryrefslogtreecommitdiffstats
path: root/doc/guide/admin/appendix-upgrading.sdf
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 11:11:40 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 11:11:40 +0000
commit7731832751ab9f3c6ddeb66f186d3d7fa1934a6d (patch)
treee91015872543a59be2aad26c2fea02e41b57005d /doc/guide/admin/appendix-upgrading.sdf
parentInitial commit. (diff)
downloadopenldap-7731832751ab9f3c6ddeb66f186d3d7fa1934a6d.tar.xz
openldap-7731832751ab9f3c6ddeb66f186d3d7fa1934a6d.zip
Adding upstream version 2.4.57+dfsg.upstream/2.4.57+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc/guide/admin/appendix-upgrading.sdf')
-rw-r--r--doc/guide/admin/appendix-upgrading.sdf40
1 files changed, 40 insertions, 0 deletions
diff --git a/doc/guide/admin/appendix-upgrading.sdf b/doc/guide/admin/appendix-upgrading.sdf
new file mode 100644
index 0000000..774abbc
--- /dev/null
+++ b/doc/guide/admin/appendix-upgrading.sdf
@@ -0,0 +1,40 @@
+# $OpenLDAP$
+# Copyright 2007-2021 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+
+H1: Upgrading from 2.3.x
+
+The following sections attempt to document the steps you will need to take in order
+to upgrade from the latest 2.3.x OpenLDAP version.
+
+The normal upgrade procedure, as discussed in the {{SECT:Maintenance}} section, should
+of course still be followed prior to doing any of this.
+
+H2: {{B:cn=config}} olc* attributes
+
+Quite a few {{olc*}} attributes have now become obsolete, if you see in your logs
+entries like below, just remove them from the relevant ldif file.
+
+> olcReplicationInterval: value #0: <olcReplicationInterval> keyword is obsolete (ignored)
+
+H2: ACLs: searches require privileges on the search base
+
+Search operations now require "search" privileges on the "entry" pseudo-attribute of the search
+base. While upgrading from 2.3.x, make sure your ACLs grant such privileges to all desired search
+bases.
+
+For example, assuming you have the following ACL:
+
+> access to dn.sub="ou=people,dc=example,dc=com" by * search
+
+Searches using a base of "dc=example,dc=com" will only be allowed if you add the following ACL:
+
+> access to dn.base="dc=example,dc=com" attrs=entry by * search
+
+Note: The {{slapd.access}}(5) man page states that this requirement was introduced
+with OpenLDAP 2.3. However, it is the default behavior only since 2.4.
+
+
+
+ADD MORE HERE
+