diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 11:11:40 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 11:11:40 +0000 |
commit | 7731832751ab9f3c6ddeb66f186d3d7fa1934a6d (patch) | |
tree | e91015872543a59be2aad26c2fea02e41b57005d /doc/guide/admin/appendix-upgrading.sdf | |
parent | Initial commit. (diff) | |
download | openldap-7731832751ab9f3c6ddeb66f186d3d7fa1934a6d.tar.xz openldap-7731832751ab9f3c6ddeb66f186d3d7fa1934a6d.zip |
Adding upstream version 2.4.57+dfsg.upstream/2.4.57+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc/guide/admin/appendix-upgrading.sdf')
-rw-r--r-- | doc/guide/admin/appendix-upgrading.sdf | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/doc/guide/admin/appendix-upgrading.sdf b/doc/guide/admin/appendix-upgrading.sdf new file mode 100644 index 0000000..774abbc --- /dev/null +++ b/doc/guide/admin/appendix-upgrading.sdf @@ -0,0 +1,40 @@ +# $OpenLDAP$ +# Copyright 2007-2021 The OpenLDAP Foundation, All Rights Reserved. +# COPYING RESTRICTIONS APPLY, see COPYRIGHT. + +H1: Upgrading from 2.3.x + +The following sections attempt to document the steps you will need to take in order +to upgrade from the latest 2.3.x OpenLDAP version. + +The normal upgrade procedure, as discussed in the {{SECT:Maintenance}} section, should +of course still be followed prior to doing any of this. + +H2: {{B:cn=config}} olc* attributes + +Quite a few {{olc*}} attributes have now become obsolete, if you see in your logs +entries like below, just remove them from the relevant ldif file. + +> olcReplicationInterval: value #0: <olcReplicationInterval> keyword is obsolete (ignored) + +H2: ACLs: searches require privileges on the search base + +Search operations now require "search" privileges on the "entry" pseudo-attribute of the search +base. While upgrading from 2.3.x, make sure your ACLs grant such privileges to all desired search +bases. + +For example, assuming you have the following ACL: + +> access to dn.sub="ou=people,dc=example,dc=com" by * search + +Searches using a base of "dc=example,dc=com" will only be allowed if you add the following ACL: + +> access to dn.base="dc=example,dc=com" attrs=entry by * search + +Note: The {{slapd.access}}(5) man page states that this requirement was introduced +with OpenLDAP 2.3. However, it is the default behavior only since 2.4. + + + +ADD MORE HERE + |