1# $OpenLDAP$ 2# Copyright 2007-2020 The OpenLDAP Foundation, All Rights Reserved. 3# COPYING RESTRICTIONS APPLY, see COPYRIGHT. 4 5H1: Upgrading from 2.3.x 6 7The following sections attempt to document the steps you will need to take in order 8to upgrade from the latest 2.3.x OpenLDAP version. 9 10The normal upgrade procedure, as discussed in the {{SECT:Maintenance}} section, should 11of course still be followed prior to doing any of this. 12 13H2: {{B:cn=config}} olc* attributes 14 15Quite a few {{olc*}} attributes have now become obsolete, if you see in your logs 16entries like below, just remove them from the relevant ldif file. 17 18> olcReplicationInterval: value #0: <olcReplicationInterval> keyword is obsolete (ignored) 19 20H2: ACLs: searches require privileges on the search base 21 22Search operations now require "search" privileges on the "entry" pseudo-attribute of the search 23base. While upgrading from 2.3.x, make sure your ACLs grant such privileges to all desired search 24bases. 25 26For example, assuming you have the following ACL: 27 28> access to dn.sub="ou=people,dc=example,dc=com" by * search 29 30Searches using a base of "dc=example,dc=com" will only be allowed if you add the following ACL: 31 32> access to dn.base="dc=example,dc=com" attrs=entry by * search 33 34Note: The {{slapd.access}}(5) man page states that this requirement was introduced 35with OpenLDAP 2.3. However, it is the default behavior only since 2.4. 36 37 38 39ADD MORE HERE 40 41