Re: Need to revert openldap-server to 2.57

In reply to: Per olof Ljungmark : "Re: Need to revert openldap-server to 2.57"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Philip Paeps <philip_at_freebsd.org>
Date: Mon, 07 Jun 2021 10:50:26 UTC

On 2021-06-07 18:32:18 (+0800), Per olof Ljungmark wrote:
> On 6/7/21 12:11 PM, Philip Paeps wrote:
>> On 2021-06-07 17:47:57 (+0800), Per olof Ljungmark wrote:
>>> A bit urgent...
>>>
>>> After updating to openldap-server 2.59 slapd refuses to start, how 
>>> can I revert to 2.57 with ports and git while troubleshooting the 
>>> update?
>>
>> You're probably running into the same issue I ran into this weekend 
>> when I upgraded the FreeBSD.org cluster's ldap-master.
>>
>> The problem we had that openldap24-server since 2.4.58_2 wants to 
>> build all overlays as modules.  We use the syncprov module in our 
>> configuration for replication.  That by itself isn't too exciting 
>> ... except that we also store the configuration inside LDAP.
>>
>> I rebuilt openldap24-server without DYNAMIC_MODULES and with 
>> SYNCPROV. That didn't work either because we expect the mdb backend 
>> to be loaded as a module.  Second try: with DYNAMIC_BACKENDS, 
>> without DYNAMIC_MODULES, with SYNCPROV.  That worked.
>>
>> Give that a go.
>>
>> Meanwhile, if you have to downgrade, you can always do a pkg install 
>> /var/db/pkg/openldap-version-that-worked.
>
> Well thanks a lot! But then, why DYNAMIC_BACKENDS marked as 
> DEPRECATED?
>
> Anyway, thanks again, saved my day.

As I understand it, DYNAMIC_BACKENDS predates DYNAMIC_MODULES and is a 
subset of it.  With DYNAMIC_BACKENDS, you only build the backends as 
modules but you compile in the overlays.  With DYNAMIC_MODULES, both the 
backends and the overlays are built as modules.

Going from the configuration we (and possibly you?) have to 
DYNAMIC_MODULES may be a little bit interesting though.  To modify the 
configuration to dynamically load the overlay, we'll have to be running 
a slapd with the overlay statically built in.  And we'll need to do this 
a little bit carefully because the replicas also replicate the config.

For now I will keep DYNAMIC_BACKENDS but leave DYNAMIC_MODULES off.  
It's a little ... disruptive ... when LDAP goes down. :)

Philip

-- 
Philip Paeps
Senior Reality Engineer
Alternative Enterprises