author: Thomas Arendsen Hein <thomas@intevation.de> 2011-04-14 15:42:03 (GMT)
committer: Christoph Wickert <wickert@kolabsys.com> 2011-04-15 20:03:15 (GMT)
commit: fcc2b8397e263a8a077f6799f0ed0387e72426c8
tree: d55afa0b593897bea480c1545f5ccb567be8c9cb
parent: cc54dd94bc2711699235c5e2fd92117b7492e258
Updated 1st.README instructions for 2.2.4 -> 2.3.0
-rw-r--r-- 1st.README 174
1 files changed, 102 insertions, 72 deletions
diff --git a/1st.README b/1st.README
index 42d2c22..1412589 100644
--- a/1st.README
+++ b/1st.README
@@ -129,95 +129,125 @@ Or alternatively if the Kolab server was stopped before the upgrade:
Upgrade from 2.2.4 to 2.3.0
---------------------------
-FIXME: Pakete entfernen
-FIXME: rfc2739.schema muss raus bzw darf niht zur├╝ckgemerged werden
-FIXME: Pakete recompilern f├╝r opelssl
+The new OpenLDAP version in this release of Kolab introduces many changes
+to the LDAP setup, please read and follow these instructions carefully,
+otherwise your setup might seem to work fine, but will not work reliably!
-OpenLDAP has been updated to version 2.4.23 in this release of Kolab. As this
-introduces many changes to your LDAP setup, please read these instructions
-carefully.
-
-Due to a change in OpenLDAP's core.schema the 'countryName' or 'c' attribute
-no longer allows using free text but only 2-letter codes from ISO 3166. If you
-use the 'countryName' attribute to store data, you will have to continue using
-your old core.schema or to replace your own values with ISO country codes.
-
-Both procedures are described here as follows.
-
-0. Make a backup of your installation and data stored inside /kolab
-
-1. The Kolab server must be stopped:
-
- # /kolab/bin/openpkg rc all stop
-
-2. Save the current LDAP data:
-
- Copy the contents of the openldap database, use a different output
- filename if you want. You should make sure that no other users can
- read the sensitive data contained in the ldif file, e.g. with umask
- (limited to the slapcat call by using parentheses):
-
- # (umask 077 && /kolab/sbin/slapcat > ~/kolab-2.2.4.ldif)
-
-3. Start the standard upgrade:
- (as described in the General update instructions)
-
- # sh install-kolab.sh 2>&1 | tee /root/kolab-update.log
-
-Replacing values (recommended)
-
-Because of the unlimited number of possible values we cannot provide an
-upgrade script. , but here is a little help for you:
+0. Make a backup of your installation and data stored inside /kolab
-4. To get a list of values used in the countryName attribute run
+1. The Kolab server must be stopped:
- # grep ^c: ~/kolab-2.2.4.ldif | awk '{print $2}' | sort -u
+ # /kolab/bin/openpkg rc all stop
-5. Replace the values with the ISO country codes from
- http://www.iso.org/iso/english_country_names_and_code_elements
- To replace for example "Germany" with the code "DE", run
+2. Save the current LDAP data:
- # sed 's|^c: Germany|c: DE|g' ~/kolab-2.2.4.ldif > ~/kolab-2.3.0.ldif
+ Copy the contents of the openldap database, use a different output
+ filename if you want. You should make sure that no other users can
+ read the sensitive data contained in the ldif file, e.g. with umask
+ (limited to the slapcat call by using parentheses):
-6. Import the ldif again
+ # (umask 077 && /kolab/sbin/slapcat > ~/kolab-2.2.4.ldif)
- # /kolab/sbin/slapadd < ~/new-format.ldif
+3. Some of the old Kolab packages must be removed to avoid conflicts
+ during the upgrade process:
-Keeping old values
+ # /kolab/bin/openpkg rpm -e --nodeps kolabd PHPUnit
-If you cannot change the countryName attributes of your users, you need do
-continue using your old core.schema. Make sure to do a backup before you
-upgrade to Kolab 2.3 and restore the file from the backup once the upgrade is
-done.
+4. When not using precompiled binary packages, you will need to remove
+ packages that link against openssl, unless they got updated in this
+ release. For an an update from 2.2.4 to 2.3.0, this can be done with:
-4. /kolab/etc/openldap/schema/core.schema will be saved as core.rpmsave,
- please move it back to the original name:
+ # /kolab/bin/openpkg rpm -e --nodeps \
+ apr curl imap perl-crypto perl-ssl postfix sasl
- # cd /kolab/etc/openldap && mv core.schema.rpmsave core.schema
+5. Start the standard upgrade:
+ (as described in the General update instructions)
- FIXME: verify that the file is really saved as rpmsave
- FIXME: is core.ldif needed?
+ # sh install-kolab.sh 2>&1 | tee /root/kolab-update.log
-In previous versions of the Kolab Server, the distinguishing name (dn) to name
-users was built from their common name (cn) attribute and the cn was built
-from the attributes 'givenName' (e.g. John) and 'sn' (Doe). Therefore it was
-not possible to have two users of the same name or two accounts for the same
-person (cn=John Doe) since each dn must be distinct.
+6. The LDAP server configuration was overwritten by the updated
+ openldap package. To allow running kolabconf, it has to be moved
+ back, except for the line that includes the removed rfc2739.schema:
+
+ # grep -v 'include.*rfc2739' \
+ < /kolab/etc/openldap/slapd.conf.rpmsave \
+ > /kolab/etc/openldap/slapd.conf
+
+7. Due to a change in OpenLDAP's core schema the 'countryName' or 'c'
+ attribute no longer allows using free text but only 2-letter codes
+ from ISO 3166. If you use the 'countryName' attribute to store text,
+ you will have to replace your own values with ISO country codes (the
+ recommended way) or adjust the core schema. To see a list of values
+ used in the countryName attribute (see above) run:
+
+ # awk '/^c:/ {print $2}' | sort -u
+
+ Because of the unlimited number of possible values we cannot provide
+ an upgrade script to replace the entries, but here is an example for
+ replacing "Germany" or "Deutschland" with the two-letter code "DE"
+ and "Switzerland" or "Schweiz" with "CH":
+
+ # (umask 077 && sed \
+ -e 's|^c: Germany$|c: DE|' \
+ -e 's|^c: Deutschland$|c: DE|' \
+ -e 's|^c: Switzerland$|c: CH|' \
+ -e 's|^c: Schweiz$|c: CH|' \
+ ~/kolab-2.2.4.ldif > ~/kolab-update.ldif)
+
+ http://www.iso.org/iso/english_country_names_and_code_elements
+ contains a list of possible ISO country codes.
+
+ Alternatively, if you cannot change the countryName attributes of
+ your users, you need to edit /kolab/etc/openldap/schema/core.schema
+ and /kolab/etc/openldap/schema/core.ldif and remove the line in each
+ file that contains "SYNTAX 1.3.6.1.4.1.1466.115.121.1.11" or use the
+ backup of both files you created in step 0.
+
+8. In previous versions of the Kolab Server, the Distinguished Name (dn)
+ of users was built from their common name (cn) attribute and the cn
+ was built from the attributes 'givenName' (e.g. John) and 'sn' (Doe).
+ Therefore it was not possible to have two users of the same name or
+ two accounts for the same person (cn=John Doe) since each dn must be
+ distinct.
+
+ Kolab 2.3 uses the 'uid' attribute to build the dn. This change is
+ backwards compatible. Existing users will continue to use the old dn
+ while new users will be created following the new scheme. This means
+ that you can create an account with the same cn after the upgrade.
+
+ To take however full advantage of the new scheme, you need to convert
+ your LDAP with the script 'kolab-cn2uid' which you can download from
+ http://kolab.org/cgi-bin/viewcvs-kolab.cgi/*checkout*/utils/admin/kolab-cn2uid
+ (https:// can be used to provide a secure download, if you import
+ the corresponding root certificate from https://ssl.intevation.de/)
+
+ If you want to convert your existing LDAP, please run the following
+ commands as root:
+
+ # if [ -f ~/kolab-new.ldif ]; then
+ mv ~/kolab-new.ldif ~/kolab-dn-cn.ldif
+ else
+ cp ~/kolab-2.2.4.ldif ~/kolab-dn-cn.ldif
+ fi
+ # (umask 077 && /kolab/bin/php \
+ kolab-cn2uid -i ~/kolab-dn-cn.ldif -o ~/kolab-new.ldif)
+
+9. Before starting the LDAP server the database must be restored from
+ the ldif:
-Kolab 2.3 uses the 'uid' attribute to build the dn. This change is backwards
-compatible. Existing users will continue to use the old dn while new users
-will be created following the new scheme. This means that you can create an
-account with the same cn after the upgrade.
+ # rm /kolab/var/openldap/openldap-data/*
+ # /kolab/sbin/slapadd -l ~/kolab-new.ldif
-To take however full advantage of the new scheme, you need to convert your
-LDAP with the script 'phpdn' from FIXME. To convert your existing
-LDAP, please run the following commands as root or user 'kolab':
+10. Manually transfer local changes of templates from .rpmsave into the
+ new templates and remove all .rpmsave files below /kolab/etc as
+ discussed in the "General update instructions" above.
-FIXME: needs to be checked
+11. Start the OpenLDAP, generate the configuration files and start the
+ Kolab server:
-# /kolab/sbin/slapcat > ~/old-format.ldif
-# php phpdn.php -i old-format.ldif -o new-format.ldif
-# /kolab/sbin/slappadd < ~/new-format.ldif
+ # /kolab/bin/openpkg rc openldap start
+ # /kolab/sbin/kolabconf -n
+ # /kolab/bin/openpkg rc all start
Synchronization between master and slaves is now performed using syncrepl
instead of slurpd. This change requires no further modifications on your side,
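Review bot: The ldif file names do not chain between steps 7, 8 and 9, so the country-code fixes from step 7 are silently dropped. Step 7 writes its sed output to ~/kolab-update.ldif, but step 8 only looks for ~/kolab-new.ldif and otherwise copies the unmodified ~/kolab-2.2.4.ldif, and step 9 imports ~/kolab-new.ldif. An admin who follows the text ends up loading the original 'c:' values, which the new core schema rejects, and an admin who skips the optional cn2uid conversion has no ~/kolab-new.ldif to import at all, after step 9 has already removed the database files. Suggest having step 7 write to ~/kolab-new.ldif (which the "mv" in step 8 already expects) and adding a line to step 9 saying which file to load when neither step 7 nor step 8 was applied. In the same step, the listing command "awk '/^c:/ {print $2}' | sort -u" has no input file and will wait on stdin; "(see above)" does not say which file is meant, so name ~/kolab-2.2.4.ldif explicitly. Printing only $2 also truncates multi-word values to their first word, which makes the list misleading as a basis for the sed expressions. In step 8 the script that is run as root against the full directory dump is fetched over plain http, with https only mentioned in parentheses; consider giving the https URL as the primary one. Minor: "For an an update" in step 4 has a doubled word.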