Migrating an LDAP server between two machines requires precision to ensure that all schemas and user data remain intact. Whether you are upgrading your hardware or moving to a new environment, a successful OpenLDAP migration depends on matching software requirements and dependencies. In theory, adding more resources to the new VPS does not hinder the process, as long as the operating system and LDAP versions are compatible.
Key Points
- LDAP migration involves two layers: the schema (data structure) and the user data itself.
- The slapcat utility is used to export databases from the source server while the service is stopped.
- Configuration files (cn=config or slapd.conf) must be replicated exactly on the new machine.
- Permissions and ownership for the /etc/ldap and /var/lib/ldap directories must be restored manually.
This guide focuses on restoring a configuration on a clean VPS with the minimum required software. If you are starting from scratch and need a full walkthrough, you should check our guide on how to install and set up an LDAP server on Ubuntu. To replicate the existing server, you will need to copy the slapcat database exports, user schemas, and configuration files.
Steps to perform on the source (old) server
Before moving any files, you must stop the Slapd service to prevent data corruption during the export process. The -n option of slapcat selects a database by number, which allows you to export different database backends separately.
- Stop the Slapd service.
- Export the configuration database:
slapcat -n 0 -l /backup/path/config.ldif
- Export the main user database:
slapcat -n 1 -l /backup/path/database.ldif
How to restore data during LDAP migration?
On the new VPS, install the necessary utilities. For Debian/Ubuntu systems, use apt install slapd ldap-utils, and for CentOS, use yum install openldap-servers. Ensure the LDAP configuration is as close to identical as possible to make the migration easier.
Restoring the configuration and database
Stop the Slapd service on the new VPS and clear the default configuration folder /etc/ldap/slapd.d. Use the slapadd command to import your backed-up files in the correct order.
slapadd -n 0 -l /backup/path/config.ldif
slapadd -n 1 -l /backup/path/database.ldif
After the import, you must restore the correct ownership and permissions. Set the owner to the openldap user and use chmod 755 for both /etc/ldap/slapd.d and /var/lib/ldap directories.
Managing TLS Certificates and Verification
If your old server used TLS, you must copy the certificates and keys to the exact same paths on the new VPS. Without matching paths for TLSCertificateFile and TLSCertificateKeyFile, the service will fail to start.
Once everything is in place, start the service and verify the LDAP migration using ldapsearch. Running a query against the new Slapd instance confirms that the records and schemas were transferred correctly. Using optimized RAM and DISK resources on your new VPS will ensure the LDAP directory responds quickly to high-frequency authentication requests.
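To complement the ldapsearch check, the following shell script (an added example, not part of the original guide) compares the entry DNs in the source export with those in a second slapcat -n 1 export taken on the new server. It goes beyond a single query by unfolding wrapped LDIF lines and decoding base64 DNs; the function names and the demo data are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare entry DNs in the source export with a second
# slapcat -n 1 export taken on the new server (both paths are yours).

# ldif_dns FILE: print every entry DN in FILE, one per line, sorted.
ldif_dns() {
    # LDIF folds long lines: a leading space continues the previous line.
    awk '
        /^ / { buf = buf substr($0, 2); next }
             { if (buf != "") print buf; buf = $0 }
        END  { if (buf != "") print buf }
    ' "$1" |
    while IFS= read -r line; do
        case $line in
            # "dn:: " marks a base64-encoded DN (non-ASCII characters).
            "dn:: "*) printf '%s' "${line#dn:: }" | base64 -d; echo ;;
            "dn: "*)  printf '%s\n' "${line#dn: }" ;;
        esac
    done | LC_ALL=C sort -u
}

# ldif_diff OLD NEW: print "missing <dn>" for entries only in OLD and
# "extra <dn>" for entries only in NEW. Returns 1 on any difference.
ldif_diff() {
    old=$(mktemp) && new=$(mktemp) || return 2
    ldif_dns "$1" > "$old"
    ldif_dns "$2" > "$new"
    out=$(LC_ALL=C comm -23 "$old" "$new" | sed 's/^/missing /'
          LC_ALL=C comm -13 "$old" "$new" | sed 's/^/extra /')
    rm -f "$old" "$new"
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample: a folded DN, a base64 DN, and one dropped entry.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'dn: dc=example,dc=com' 'dc: example' '' \
        'dn: uid=alice,ou=people,dc=exa' ' mple,dc=com' 'uid: alice' '' \
        'dn:: Y249Sm9zw6ksZGM9ZXhhbXBsZSxkYz1jb20=' 'cn:: Sm9zw6k=' > "$d/old.ldif"
    printf '%s\n' 'dn: dc=example,dc=com' 'dc: example' '' \
        'dn: uid=alice,ou=people,dc=example,dc=com' 'uid: alice' > "$d/new.ldif"
    rc=0; ldif_diff "$d/old.ldif" "$d/new.ldif" || rc=$?
    rm -rf "$d"; return "$rc"
}

if [ $# -eq 2 ]; then ldif_diff "$1" "$2"; fi
```

Run it with the two LDIF files as arguments; no output and exit status 0 mean both exports contain the same set of DNs.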
As these are unmanaged services, the responsibility for maintaining the LDAP directory structure and security lies with the administrator. Our support ensures the VPS network and basic functions are okay, but the integrity of your migrated data depends on following these export and import procedures correctly.



