<!doctype html public "-//W30//DTD W3 HTML 2.0//EN"> <HTML> <!-- This file was generated using SDF 2.001 by Ian Clatworthy (ianc@mincom.com). SDF is freely available from http://www.mincom.com/mtr/sdf. --> <HEAD> <TITLE>OpenLDAP Software 2.4 Administrator's Guide: Upgrading from 2.3.x</TITLE> </HEAD> <BODY> <DIV CLASS="header"> <A HREF="http://www.OpenLDAP.org/"> <P><IMG SRC="../images/LDAPlogo.gif" ALIGN="Left" BORDER=0></P> </A> <DIV CLASS="navigate"> <P ALIGN="Center"><A HREF="index.html">Contents</A> | <A HREF="index.html">Parent Topic</A> | <A HREF="appendix-changes.html">Previous Topic</A> | <A HREF="appendix-common-errors.html">Next Topic</A> <BR><A HREF="http://www.openldap.org/">Home</A> | <A HREF="../index.html">Catalog</A></P> </DIV> <BR CLEAR="Left"> </DIV> <DIV CLASS="main"> <H1>B. Upgrading from 2.3.x</H1> <P>The following sections attempt to document the steps you will need to take in order to upgrade from the latest 2.3.x OpenLDAP version.</P> <P>The normal upgrade procedure, as discussed in the <A HREF="maintenance.html">Maintenance</A> section, should of course still be followed prior to doing any of this.</P> <HR> <H2><A NAME="{{B:cn=config}} olc* attributes">B.1. <B>cn=config</B> olc* attributes</A></H2> <P>Quite a few <EM>olc*</EM> attributes have now become obsolete, if you see in your logs entries like below, just remove them from the relevant ldif file.</P> <PRE> olcReplicationInterval: value #0: <olcReplicationInterval> keyword is obsolete (ignored) </PRE> <HR> <H2><A NAME="ACLs: searches require privileges on the search base">B.2. ACLs: searches require privileges on the search base</A></H2> <P>Search operations now require "search" privileges on the "entry" pseudo-attribute of the search base. While upgrading from 2.3.x, make sure your ACLs grant such privileges to all desired search bases.</P> <P>For example, assuming you have the following ACL:</P> <PRE> access to dn.sub="ou=people,dc=example,dc=com" by * search </PRE> <P>Searches using a base of "dc=example,dc=com" will only be allowed if you add the following ACL:</P> <PRE> access to dn.base="dc=example,dc=com" attrs=entry by * search </PRE> <P><HR WIDTH="80%" ALIGN="Left"> <STRONG>Note: </STRONG>The <EM>slapd.access</EM>(5) man page states that this requirement was introduced with OpenLDAP 2.3. However, it is the default behavior only since 2.4. <HR WIDTH="80%" ALIGN="Left"></P> <P>ADD MORE HERE</P> <P></P> </DIV> <DIV CLASS="footer"> <HR> <DIV CLASS="navigate"> <P ALIGN="Center"><A HREF="index.html">Contents</A> | <A HREF="index.html">Parent Topic</A> | <A HREF="appendix-changes.html">Previous Topic</A> | <A HREF="appendix-common-errors.html">Next Topic</A> <BR><A HREF="http://www.openldap.org/">Home</A> | <A HREF="../index.html">Catalog</A></P> </DIV> <P> <FONT COLOR="#808080" FACE="Arial,Verdana,Helvetica" SIZE="1"><B> ________________<BR> <SMALL>© Copyright 2011, <A HREF="http://www.OpenLDAP.org/foundation/">OpenLDAP Foundation</A>, <A HREF="mailto:info@OpenLDAP.org">info@OpenLDAP.org</A></SMALL></B></FONT> </DIV> </BODY> </HTML>