xref: /netbsd-src/external/bsd/openldap/dist/doc/guide/admin/appendix-upgrading.sdf (revision 181254a7b1bdde6873432bffef2d2decc4b5c22f)
1# $OpenLDAP$
2# Copyright 2007-2020 The OpenLDAP Foundation, All Rights Reserved.
3# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
4
5H1: Upgrading from 2.3.x
6
7The following sections attempt to document the steps you will need to take in order
8to upgrade from the latest 2.3.x OpenLDAP version.
9
10The normal upgrade procedure, as discussed in the {{SECT:Maintenance}} section, should
11of course still be followed prior to doing any of this.
12
13H2: {{B:cn=config}} olc* attributes
14
15Quite a few {{olc*}} attributes have now become obsolete, if you see in your logs
16entries like below, just remove them from the relevant ldif file.
17
18>           olcReplicationInterval: value #0: <olcReplicationInterval> keyword is obsolete (ignored)
19
20H2: ACLs: searches require privileges on the search base
21
22Search operations now require "search" privileges on the "entry" pseudo-attribute of the search
23base. While upgrading from 2.3.x, make sure your ACLs grant such privileges to all desired search
24bases.
25
26For example, assuming you have the following ACL:
27
28>           access to dn.sub="ou=people,dc=example,dc=com" by * search
29
30Searches using a base of "dc=example,dc=com" will only be allowed if you add the following ACL:
31
32>           access to dn.base="dc=example,dc=com" attrs=entry by * search
33
34Note: The {{slapd.access}}(5) man page states that this requirement was introduced
35with OpenLDAP 2.3. However, it is the default behavior only since 2.4.
36
37
38
39ADD MORE HERE
40
41