Bug 41297 - openldap defaults changed after migration from 2.0.x to 2.1.x
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High normal
Assignee: Robin Johnson
Reported: 2004-02-11 14:56 UTC by Andrea Barisani (RETIRED)
Modified: 2004-02-11 19:01 UTC
Description Andrea Barisani (RETIRED) gentoo-dev 2004-02-11 14:56:11 UTC
Ok, maybe it's too late but I've finished my openldap migration only today ;).

Migration from openldap 2.0.x to 2.1.26 (marked stable this week) is quite problematic
since default schema and options have changed. Most 2.0.x slapd.conf and db won't work
correctly with 2.1.x. This is not a Gentoo problem, but it would be nice for users to have
some ewarn in the ebuild with some pointers about major changes.

I'm referring to:

- bind_anon_dn is now off by default. So unauthenticated anonymous binds are no longer
allowed unless 'allow bind_anon_dn' is specified in the configuration (this is a good change!)

- default schemas are changed, so existing passwd/shadow are functioning but they 
cannot be modified unless a new field called 'structuralObjectClass' is created for every
uid. Users must 'slapcat -f backup.ldif' their db, delete it from ldap tree and rebuild it with 'slapadd -f backup.ldif'.

- self signed certs are treated less gently now ;). 'TLS_REQCERT never' is now needed
in ldap.conf if the server has a self-signed certificate.

So what do you think, would it be possible and correct to have some hints about these
major changes in post-inst?

Reproducible: Always
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2004-02-11 19:01:09 UTC
done in cvs.
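
The three changes listed in the description can be checked against existing files before upgrading. The Python script below is an added example, not part of the bug report or of the Gentoo ebuild; the function names and the sample slapd.conf, ldap.conf and LDIF text are constructed for illustration.

```python
def logical_lines(text, ldif=False):
    """Drop '#' comments and join continuation lines (leading whitespace)."""
    out, in_comment = [], False
    for raw in text.splitlines():
        cont = raw[:1] in (" ", "\t") and bool(raw.strip())
        if raw.startswith("#") or (cont and in_comment):
            in_comment = True
            continue
        in_comment = False
        if cont and out and out[-1]:
            # LDIF folds mid-value (drop one space); slapd.conf folds between words
            out[-1] += raw[1:] if ldif else " " + raw.strip()
        else:
            out.append(raw if ldif else raw.strip())
    return out

def allowed_features(slapd_conf):
    """Features enabled by 'allow' directives, e.g. {'bind_anon_dn'}."""
    rows = [l.split() for l in logical_lines(slapd_conf)]
    return {w.lower() for r in rows if r and r[0].lower() == "allow" for w in r[1:]}

def tls_reqcert(ldap_conf):
    """Last TLS_REQCERT value in ldap.conf, or None if unset."""
    vals = [w[1].lower() for w in map(str.split, ldap_conf.splitlines())
            if len(w) >= 2 and w[0].upper() == "TLS_REQCERT"]
    return vals[-1] if vals else None

def missing_structural(ldif):
    """DNs of entries in an LDIF dump that lack structuralObjectClass."""
    missing, dn, seen = [], None, False
    for line in logical_lines(ldif, ldif=True) + [""]:
        if not line.strip():                      # blank line ends an entry
            if dn is not None and not seen:
                missing.append(dn)
            dn, seen = None, False
            continue
        attr, _, value = line.partition(":")
        if attr.lower() == "dn":
            dn = value.lstrip(":").strip()        # 'dn::' values stay base64
        elif attr.lower() == "structuralobjectclass":
            seen = True
    return missing

# Constructed sample inputs (not taken from the bug report)
SLAPD = "include /etc/openldap/schema/core.schema\nallow bind_v2\n  bind_anon_dn\n"
LDAPRC = "URI ldaps://ldap.example.org\n# TLS_REQCERT demand\nTLS_REQCERT never\n"
LDIF = ("dn: uid=alice,ou=People,dc=example,dc=org\nobjectClass: posixAccount\n"
        "uid: alice\n\ndn: uid=bob,ou=People,\n dc=example,dc=org\n"
        "objectClass: posixAccount\nstructuralObjectClass: account\n")
```

A `never` result from `tls_reqcert` means the client does not verify the server certificate at all; pointing `TLS_CACERT` in ldap.conf at the self-signed certificate keeps verification on.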