How to migrate LDAP (database,schema,configuration) to other machine

Solution 1:

The solution :

So here's what I did to make this works.

  1. Stop Slapd on main server
  2. Slapcat databases from the main server (There are 2 database that needs to be exported. I use the "-n" tag

    slapcat -n 0 -l (config file location)

This one will export all schema and cn=config and

    slapcat -n 1 -l <database backup ldif path>

This on will export all user data that you keep in LDAP.

  1. SCP the 2 ldif file to the new server (make sure you installed LDAP on the server and make sure the configuration are almost identical to make this easier)
  2. stop slapd on the new server.
  3. delete the content of folder

  4. use slapadd to import the configuration to the new server

    slapadd -n 0 -l (config ldif location)

    -n 0 is for adding configuration back to LDAP

    slapadd -n 1 -l (database ldif location)

    -n 1 is for adding database back to LDAP

*EDIT: Somehow those command won't work on my 2nd 3rd .... and so on try. So The proper command That I've verfied that it works are

  slapadd -n 0 -F /etc/ldap/slapd.d -l <config backup ldif path>


  slapadd -n 1 -l <data backup ldif path>
  1. change the permission in the /etc/ldap/slapd.d folder (chown and chmod). I chown it to openldap and chmod it to 755

Also Change permission in the /var/lib/ldap folder (chown and chmod) to openldap

if you have certificate for TLS connection. Copy the certificates and keys from old server to new server to the same exact location. change the permission on the places.

  1. start slapd.

and it should be good to go.

Hopes this helps other people

Solution 2:

Export both trees (cn=config and your regular data) into LDIF, import them back on the new server (cn=config first). Done.

Also, cn=config is essentially just a collection of LDIF files and it might be possible to just copy this collection to the same relative location on the new server (while slapd is not running).