Branch '2.3-stable' - 2 commits - 1st.README
Thomas Arendsen Hein
"thomas at intevation.de" at kolabsys.com
Thu Apr 14 17:43:59 CEST 2011
1st.README | 180 +++++++++++++++++++++++++++++++++++--------------------------
1 file changed, 105 insertions(+), 75 deletions(-)
New commits:
commit c3fd375b15c27d8fbc461a3361073debc815861f
Author: Thomas Arendsen Hein <thomas at intevation.de>
Date: Thu Apr 14 17:42:03 2011 +0200
Updated 1st.README instructions for 2.2.4 -> 2.3.0
diff --git a/1st.README b/1st.README
index 42d2c22..1412589 100644
--- a/1st.README
+++ b/1st.README
@@ -129,95 +129,125 @@ Or alternatively if the Kolab server was stopped before the upgrade:
Upgrade from 2.2.4 to 2.3.0
---------------------------
-FIXME: Pakete entfernen
-FIXME: rfc2739.schema muss raus bzw darf niht zurückgemerged werden
-FIXME: Pakete recompilern für opelssl
+The new OpenLDAP version in this release of Kolab introduces many changes
+to the LDAP setup, please read and follow these instructions carefully,
+otherwise your setup might seem to work fine, but will not work reliably!
-OpenLDAP has been updated to version 2.4.23 in this release of Kolab. As this
-introduces many changes to your LDAP setup, please read these instructions
-carefully.
-
-Due to a change in OpenLDAP's core.schema the 'countryName' or 'c' attribute
-no longer allows using free text but only 2-letter codes from ISO 3166. If you
-use the 'countryName' attribute to store data, you will have to continue using
-your old core.schema or to replace your own values with ISO country codes.
-
-Both procedures are described here as follows.
-
-0. Make a backup of your installation and data stored inside /kolab
-
-1. The Kolab server must be stopped:
-
- # /kolab/bin/openpkg rc all stop
-
-2. Save the current LDAP data:
-
- Copy the contents of the openldap database, use a different output
- filename if you want. You should make sure that no other users can
- read the sensitive data contained in the ldif file, e.g. with umask
- (limited to the slapcat call by using parentheses):
-
- # (umask 077 && /kolab/sbin/slapcat > ~/kolab-2.2.4.ldif)
-
-3. Start the standard upgrade:
- (as described in the General update instructions)
-
- # sh install-kolab.sh 2>&1 | tee /root/kolab-update.log
-
-Replacing values (recommended)
-
-Because of the unlimited number of possible values we cannot provide an
-upgrade script. , but here is a little help for you:
+0. Make a backup of your installation and data stored inside /kolab
-4. To get a list of values used in the countryName attribute run
+1. The Kolab server must be stopped:
- # grep ^c: ~/kolab-2.2.4.ldif | awk '{print $2}' | sort -u
+ # /kolab/bin/openpkg rc all stop
-5. Replace the values with the ISO country codes from
- http://www.iso.org/iso/english_country_names_and_code_elements
- To replace for example "Germany" with the code "DE", run
+2. Save the current LDAP data:
- # sed 's|^c: Germany|c: DE|g' ~/kolab-2.2.4.ldif > ~/kolab-2.3.0.ldif
+ Copy the contents of the openldap database, use a different output
+ filename if you want. You should make sure that no other users can
+ read the sensitive data contained in the ldif file, e.g. with umask
+ (limited to the slapcat call by using parentheses):
-6. Import the ldif again
+ # (umask 077 && /kolab/sbin/slapcat > ~/kolab-2.2.4.ldif)
- # /kolab/sbin/slapadd < ~/new-format.ldif
+3. Some of the old Kolab packages must be removed to avoid conflicts
+ during the upgrade process:
-Keeping old values
+ # /kolab/bin/openpkg rpm -e --nodeps kolabd PHPUnit
-If you cannot change the countryName attributes of your users, you need do
-continue using your old core.schema. Make sure to do a backup before you
-upgrade to Kolab 2.3 and restore the file from the backup once the upgrade is
-done.
+4. When not using precompiled binary packages, you will need to remove
+ packages that link against openssl, unless they got updated in this
+ release. For an an update from 2.2.4 to 2.3.0, this can be done with:
-4. /kolab/etc/openldap/schema/core.schema will be saved as core.rpmsave,
- please move it back to the original name:
+ # /kolab/bin/openpkg rpm -e --nodeps \
+ apr curl imap perl-crypto perl-ssl postfix sasl
- # cd /kolab/etc/openldap && mv core.schema.rpmsave core.schema
+5. Start the standard upgrade:
+ (as described in the General update instructions)
- FIXME: verify that the file is really saved as rpmsave
- FIXME: is core.ldif needed?
+ # sh install-kolab.sh 2>&1 | tee /root/kolab-update.log
-In previous versions of the Kolab Server, the distinguishing name (dn) to name
-users was built from their common name (cn) attribute and the cn was built
-from the attributes 'givenName' (e.g. John) and 'sn' (Doe). Therefore it was
-not possible to have two users of the same name or two accounts for the same
-person (cn=John Doe) since each dn must be distinct.
+6. The LDAP server configuration was overwritten by the updated
+ openldap package. To allow running kolabconf, it has to be moved
+ back, except for the line that includes the removed rfc2739.schema:
+
+ # grep -v 'include.*rfc2739' \
+ < /kolab/etc/openldap/slapd.conf.rpmsave \
+ > /kolab/etc/openldap/slapd.conf
+
+7. Due to a change in OpenLDAP's core schema the 'countryName' or 'c'
+ attribute no longer allows using free text but only 2-letter codes
+ from ISO 3166. If you use the 'countryName' attribute to store text,
+ you will have to replace your own values with ISO country codes (the
+ recommended way) or adjust the core schema. To see a list of values
+ used in the countryName attribute (see above) run:
+
+ # awk '/^c:/ {print $2}' | sort -u
+
+ Because of the unlimited number of possible values we cannot provide
+ an upgrade script to replace the entries, but here is an example for
+ replacing "Germany" or "Deutschland" with the two-letter code "DE"
+ and "Switzerland" or "Schweiz" with "CH":
+
+ # (umask 077 && sed \
+ -e 's|^c: Germany$|c: DE|' \
+ -e 's|^c: Deutschland$|c: DE|' \
+ -e 's|^c: Switzerland$|c: CH|' \
+ -e 's|^c: Schweiz$|c: CH|' \
+ ~/kolab-2.2.4.ldif > ~/kolab-update.ldif)
+
+ http://www.iso.org/iso/english_country_names_and_code_elements
+ contains a list of possible ISO country codes.
+
+ Alternatively, if you cannot change the countryName attributes of
+ your users, you need to edit /kolab/etc/openldap/schema/core.schema
+ and /kolab/etc/openldap/schema/core.ldif and remove the line in each
+ file that contains "SYNTAX 1.3.6.1.4.1.1466.115.121.1.11" or use the
+ backup of both files you created in step 0.
+
+8. In previous versions of the Kolab Server, the Distinguished Name (dn)
+ of users was built from their common name (cn) attribute and the cn
+ was built from the attributes 'givenName' (e.g. John) and 'sn' (Doe).
+ Therefore it was not possible to have two users of the same name or
+ two accounts for the same person (cn=John Doe) since each dn must be
+ distinct.
+
+ Kolab 2.3 uses the 'uid' attribute to build the dn. This change is
+ backwards compatible. Existing users will continue to use the old dn
+ while new users will be created following the new scheme. This means
+ that you can create an account with the same cn after the upgrade.
+
+ To take however full advantage of the new scheme, you need to convert
+ your LDAP with the script 'kolab-cn2uid' which you can download from
+ http://kolab.org/cgi-bin/viewcvs-kolab.cgi/*checkout*/utils/admin/kolab-cn2uid
+ (https:// can be used to provide a secure download, if you import
+ the corresponding root certificate from https://ssl.intevation.de/)
+
+ If you want to convert your existing LDAP, please run the following
+ commands as root:
+
+ # if [ -f ~/kolab-new.ldif ]; then
+ mv ~/kolab-new.ldif ~/kolab-dn-cn.ldif
+ else
+ cp ~/kolab-2.2.4.ldif ~/kolab-dn-cn.ldif
+ fi
+ # (umask 077 && /kolab/bin/php \
+ kolab-cn2uid -i ~/kolab-dn-cn.ldif -o ~/kolab-new.ldif)
+
+9. Before starting the LDAP server the database must be restored from
+ the ldif:
-Kolab 2.3 uses the 'uid' attribute to build the dn. This change is backwards
-compatible. Existing users will continue to use the old dn while new users
-will be created following the new scheme. This means that you can create an
-account with the same cn after the upgrade.
+ # rm /kolab/var/openldap/openldap-data/*
+ # /kolab/sbin/slapadd -l ~/kolab-new.ldif
-To take however full advantage of the new scheme, you need to convert your
-LDAP with the script 'phpdn' from FIXME. To convert your existing
-LDAP, please run the following commands as root or user 'kolab':
+10. Manually transfer local changes of templates from .rpmsave into the
+ new templates and remove all .rpmsave files below /kolab/etc as
+ discussed in the "General update instructions" above.
-FIXME: needs to be checked
+11. Start the OpenLDAP, generate the configuration files and start the
+ Kolab server:
-# /kolab/sbin/slapcat > ~/old-format.ldif
-# php phpdn.php -i old-format.ldif -o new-format.ldif
-# /kolab/sbin/slappadd < ~/new-format.ldif
+ # /kolab/bin/openpkg rc openldap start
+ # /kolab/sbin/kolabconf -n
+ # /kolab/bin/openpkg rc all start
Synchronization between master and slaves is now performed using syncrepl
instead of slurpd. This change requires no further modifications on your side,
commit 42796299d4fe45f9aba968199aee74a9b450c86d
Author: Thomas Arendsen Hein <thomas at intevation.de>
Date: Thu Apr 14 12:20:15 2011 +0200
1st.README: removed trailing spaces
diff --git a/1st.README b/1st.README
index d5b9872..42d2c22 100644
--- a/1st.README
+++ b/1st.README
@@ -133,12 +133,12 @@ FIXME: Pakete entfernen
FIXME: rfc2739.schema muss raus bzw darf niht zurückgemerged werden
FIXME: Pakete recompilern für opelssl
-OpenLDAP has been updated to version 2.4.23 in this release of Kolab. As this
-introduces many changes to your LDAP setup, please read these instructions
+OpenLDAP has been updated to version 2.4.23 in this release of Kolab. As this
+introduces many changes to your LDAP setup, please read these instructions
carefully.
-Due to a change in OpenLDAP's core.schema the 'countryName' or 'c' attribute
-no longer allows using free text but only 2-letter codes from ISO 3166. If you
+Due to a change in OpenLDAP's core.schema the 'countryName' or 'c' attribute
+no longer allows using free text but only 2-letter codes from ISO 3166. If you
use the 'countryName' attribute to store data, you will have to continue using
your old core.schema or to replace your own values with ISO country codes.
@@ -166,17 +166,17 @@ Both procedures are described here as follows.
Replacing values (recommended)
-Because of the unlimited number of possible values we cannot provide an
+Because of the unlimited number of possible values we cannot provide an
upgrade script. , but here is a little help for you:
4. To get a list of values used in the countryName attribute run
# grep ^c: ~/kolab-2.2.4.ldif | awk '{print $2}' | sort -u
-5. Replace the values with the ISO country codes from
+5. Replace the values with the ISO country codes from
http://www.iso.org/iso/english_country_names_and_code_elements
To replace for example "Germany" with the code "DE", run
-
+
# sed 's|^c: Germany|c: DE|g' ~/kolab-2.2.4.ldif > ~/kolab-2.3.0.ldif
6. Import the ldif again
@@ -185,9 +185,9 @@ upgrade script. , but here is a little help for you:
Keeping old values
-If you cannot change the countryName attributes of your users, you need do
-continue using your old core.schema. Make sure to do a backup before you
-upgrade to Kolab 2.3 and restore the file from the backup once the upgrade is
+If you cannot change the countryName attributes of your users, you need do
+continue using your old core.schema. Make sure to do a backup before you
+upgrade to Kolab 2.3 and restore the file from the backup once the upgrade is
done.
4. /kolab/etc/openldap/schema/core.schema will be saved as core.rpmsave,
@@ -198,19 +198,19 @@ done.
FIXME: verify that the file is really saved as rpmsave
FIXME: is core.ldif needed?
-In previous versions of the Kolab Server, the distinguishing name (dn) to name
-users was built from their common name (cn) attribute and the cn was built
-from the attributes 'givenName' (e.g. John) and 'sn' (Doe). Therefore it was
-not possible to have two users of the same name or two accounts for the same
+In previous versions of the Kolab Server, the distinguishing name (dn) to name
+users was built from their common name (cn) attribute and the cn was built
+from the attributes 'givenName' (e.g. John) and 'sn' (Doe). Therefore it was
+not possible to have two users of the same name or two accounts for the same
person (cn=John Doe) since each dn must be distinct.
-Kolab 2.3 uses the 'uid' attribute to build the dn. This change is backwards
-compatible. Existing users will continue to use the old dn while new users
-will be created following the new scheme. This means that you can create an
+Kolab 2.3 uses the 'uid' attribute to build the dn. This change is backwards
+compatible. Existing users will continue to use the old dn while new users
+will be created following the new scheme. This means that you can create an
account with the same cn after the upgrade.
-To take however full advantage of the new scheme, you need to convert your
-LDAP with the script 'phpdn' from FIXME. To convert your existing
+To take however full advantage of the new scheme, you need to convert your
+LDAP with the script 'phpdn' from FIXME. To convert your existing
LDAP, please run the following commands as root or user 'kolab':
FIXME: needs to be checked
@@ -219,9 +219,9 @@ FIXME: needs to be checked
# php phpdn.php -i old-format.ldif -o new-format.ldif
# /kolab/sbin/slappadd < ~/new-format.ldif
-Synchronization between master and slaves is now performed using syncrepl
-instead of slurpd. This change requires no further modifications on your side,
-but if you are running multiple Kolab servers, make sure to upgrade them at
+Synchronization between master and slaves is now performed using syncrepl
+instead of slurpd. This change requires no further modifications on your side,
+but if you are running multiple Kolab servers, make sure to upgrade them at
the same time.
More information about the commits
mailing list