If you are carrying out a migration, or if disaster strikes your master ClearOS server, you may need to promote your OpenLDAP replicate server to a master. This guide will show you how to easily make the switch.
This method has minimal real-world testing. If you encounter errors related to this method, please report them to email@example.com. Make sure to back up everything, especially /etc/openldap/ and /var/lib/ldap/.
This is for ClearOS 5.x only. There is currently no published method for ClearOS 6.x or 7.x.
First, validate that the organizational information is the same between your master and the replicate (all but the Internet Hostname). If your master server is not available, you can glean this information from the replicate by running:
slapcat -n3 > /tmp/ldapdumpfile
Then edit /tmp/ldapdumpfile and locate a default user. The information in the following attributes is pertinent:
This information can be entered into Webconfig on the replicate by navigating to Directory > Setup > Organization.
Changing this information can disrupt certificate services on the replicate. Be prepared to reissue and reinstate certificates to users.
Second, validate that the directory (which is currently read-only) on the replicate server is complete and viable. You can do this by validating the user list in Webconfig or by perusing the directory.
Next, locate a copy of /etc/openldap/slapd.conf from the old master server. You will need to get this either from the live server (migration scenario) or from a backup source (disaster recovery scenario). Back up the replicate settings as well.
cp /etc/openldap/slapd.conf /etc/openldap/slapd.conf.old.replicate
Stop the LDAP services.
service ldap stop
Manually change the mode in /etc/cleardirectory/config from 'replicate' to 'master' or to 'standalone'.
The file should look something like this now:
mode = master
Next, copy the configuration file from the master over the config for the replicate. If the master config file was copied to /root your command may look like this:
cp /root/slapd.conf /etc/openldap/slapd.conf
Confirm the overwrite.
Finally, ensure that the permissions on slapd.conf are correct:
chown root:ldap /etc/openldap/slapd.conf
chmod 640 /etc/openldap/slapd.conf
Starting it up as the master
Now, start the LDAP server by running the following:
service ldap start
It should execute without errors. Ensure that the database is viable by creating a test group or user.
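The file-level results of the steps above can be checked with a short script. This is an added example, not part of the original guide or of ClearOS: the function name check_promotion and its two arguments are hypothetical, and it assumes GNU stat. It confirms the mode line, the saved replicate config, and the ownership and permissions of slapd.conf.

```shell
#!/bin/sh
# Added example: post-promotion checks for the steps in this guide.
# check_promotion ROOT [EXPECTED_OWNER]
#   ROOT            path prefix of a staged copy ("" for the live system)
#   EXPECTED_OWNER  user:group for slapd.conf (the guide uses root:ldap)
# Prints one line per problem and returns the number of problems found.
check_promotion() {
    root=$1
    owner=${2:-root:ldap}
    conf="$root/etc/openldap/slapd.conf"
    backup="$root/etc/openldap/slapd.conf.old.replicate"
    cdconf="$root/etc/cleardirectory/config"
    problems=0

    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    # The mode line must no longer say 'replicate'.
    mode=$(sed -n 's/^[[:space:]]*mode[[:space:]]*=[[:space:]]*//p' "$cdconf" \
        2>/dev/null | tr -d "'\"[:space:]")
    case $mode in
        master|standalone) ;;
        *) fail "$cdconf mode is '${mode:-unset}', expected master or standalone" ;;
    esac

    # The replicate's config must have been saved before the overwrite.
    [ -f "$backup" ] || fail "missing backup $backup"

    if [ ! -f "$conf" ]; then
        fail "missing $conf"
    else
        # An unchanged slapd.conf means the master's copy was never installed.
        if [ -f "$backup" ] && cmp -s "$conf" "$backup"; then
            fail "$conf is identical to the replicate backup"
        fi
        perms=$(stat -c '%a' "$conf")
        [ "$perms" = "640" ] || fail "$conf mode is $perms, expected 640"
        actual=$(stat -c '%U:%G' "$conf")
        [ "$actual" = "$owner" ] || fail "$conf owner is $actual, expected $owner"
    fi
    return "$problems"
}
```

On the live server, run it as `check_promotion ""` before starting the LDAP service; a return value of 0 means every check passed.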
Notes on Samba