Migrate FusionDirectory from 1.0.8.9 to 1.0.9

Backup you template First

The template system has been completely rewritten, and the old template will not be converted, so you need to backup them, remove them from FusionDirectory and then redo them.

The new system is much cleaner because template are stored in they own branch now and are the basis for having template for the whole application in the future.

Backup your phones

You must backup all your phones in a LDIF and remove them. Modify your LDIF like below:

Before

cn=namePhone,ou=phones,ou=systems,dc=labo,dc=opensides,dc=be
cn: namePhone
goFonType: friend
goFonDmtfMode: inband
goFonDefaultIP:
dynamic ipHostNumber: 127.0.0.1
macAddress: 00:0C:7F:31:33:F1
objectClass: top

After

cn=namePhone,ou=phones,ou=systems
cn: namePhone
ipHostNumber: 127.0.0.1
macAddress: 00:0C:7F:31:33:F1
objectClass: fdPhone
objectClass: device
objectClass: ieee802Device
objectClass: ipHost

After the migration you may insert your phone again in your LDAP.

You can use the next command to backup your phones

ldapsearch -xLLL -b ou=phones,ou=systems,dc=labo,dc=opensides,dc=be > backupPhones.ldif

Moved Attributes

We cleaned the core of FusionDirectory to only used classical attributes and objectClass, so the FusionDirectory special attributes on the first page of FusionDirectory are now managed by the personal plugin.

The personal plugin has been made to manage all kind of personal data and is best suited to contain those data not normalized. So of you use personalTitle, dateOfBirth, gender you will need to install the personal plugin.

Upgrade FusionDirectory

Upgrade FusionDirectory core package before other ones to avoid dependencies errors

Debian

apt-get install fusiondirectory

Upgrade FusionDirectory schema package too.

apt-get install fusiondirectory-schema

RPM

apt-get install fusiondirectory

Upgrade FusionDirectory schema package too.

yum remove fusiondirectory
yum install fusiondirectory

Upgrade FusionDirectory schema package too.

apt-get install fusiondirectory

Upgrade FusionDirectory schema package too.

yum remove fusiondirectory-schema
yum install fusiondirectory-schema

There is a new schema for the templates, so you need to run

fusiondirectory-insert-schema

Removed obsolete plugins

In this version we removed obsolete plugin, because they where based on software no longer existing or needed an sql backend and we decided they need to be rewritten using the now ldap backend of those softwares :

  • asterisk : old plugin not maintainable anymore based on the sql backend, but now asterisk has an ldap backend has well.
  • fax : old code based on the gofax software from gonicus, not maintained anymore upstream.
  • openstack-compute : openstack management interface changed and this plugin is no longer relevant
  • uw-imap : long gone imap server, nobody that whe know still use it

They are no longer supported and should be removed from your installation

New Plugin for peoples using a mix of groupOfNames and posixGroup on the same object

We cleaned the code of FusionDirectory and by default it make posixGroup or clean standard compliant groupOfNames. If you need a mix of groupOfNames and posixGroup on the same object you will need to install a new plugin called mixedgroups.

Warning

Please take note that this plugin is for special cases and need modified core schema. !!

If you need to have a link between user and groups you are better using the standard compliant groupOfNames or roles for examples for web applications.

apt-get install fusiondirectory-plugin-mixedgroups

Upgrade of LDAP directory

Upgrade Core FusionDirectory Schema

The password recovery schema has been migrated into the core schema so you must remove it first

fusiondirectory-insert-schema -e recovery-fd
Are you sure you want to empty schema(s) recovery-fd?
[Yes/No]? Yes

Upgrade the core-fd.schema and core-fd-conf.schema

fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd.schema

fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd-conf.schema

If you use the argonaut plugin, upgrade the argonaut.schema

fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/argonaut-fd.schema

If you use the fai plugin, upgrade the fai-fd-conf.schema

fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/fai-fd-conf.schema

If you use the mail plugin, upgrade the mail-fd.schema

fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/mail-fd.schema

If you use the personal plugin, upgrade the personal-fd.schema

fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/personal-fd.schema

If you use the squid plugin, upgrade the proxy-fd.schema

fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/proxy-fd.schema``

If you use the system plugin, upgrade the service-fd.schema, systems-fd.schema, systems-fd-conf.schema

The Phone object has been migrated to the system plugin due to the removal of the asterisk plugin.

fusiondirectory-insert-schema -e asterisk-fd-conf
Are you sure you want to empty schema(s) asterisk-fd-conf?
[Yes/No]? Yes
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/service-fd.schema

fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/systems-fd-conf.schema

fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/systems-fd.schema

Check for deprecated attributes and objectClasses in your LDAP

  • fusiondirectory-setup –list-deprecated List deprecated attributes and objectclasses Deprecated attributes:
fusiondirectory-setup --list-deprecated List deprecated attributes and objectclasses Deprecated attributes:

 gotoModules                    (GOto - Gonicus Terminal Concept, value kernel modules.)        - 1.3.6.1.4.1.10098.1.1.1.32``
 fdPasswordHook                 (FusionDirectory - Password hook (external command))            - 1.3.6.1.4.1.38414.8.13.4``
 fdSnapshotURI                  (FusionDirectory - Snaphost URI)                                - 1.3.6.1.4.1.38414.8.17.3``
 gotoXVsync                     (GOto - Gonicus Terminal Concept, value xVsync.)                - 1.3.6.1.4.1.10098.1.1.1.19``
 ghSoundAdapter                 (Hardware definitions, value soundAdapter)                      - 1.3.6.1.4.1.10098.1.1.2.7``
 gotoXMouseport                 (GOto - Gonicus Terminal Concept, value xMouseport.)            - 1.3.6.1.4.1.10098.1.1.1.22``
 gotoXMonitor                   (GOto - Gonicus Terminal Concept, value xMonitor.)              - 1.3.6.1.4.1.10098.1.1.1.17``
 gotoAdaptPath                  (GOto - Gonicus Terminal Concept, value adaptpath.)             - 1.3.6.1.4.1.10098.1.1.1.33``
 gotoScannerClients             (GOto - Gonicus Terminal Concept, value scannerClients.)        - 1.3.6.1.4.1.10098.1.1.1.11``
 gotoHardwareChecksum           (GOto - quick way to see if something has changed)              - 1.3.6.1.4.1.10098.1.1.2.12``
 gotoRootPasswd                 (GOto - Gonicus Terminal Concept, value rootPasswd.)            - 1.3.6.1.4.1.10098.1.1.1.14``
 gotoXKbLayout                  (GOto - Gonicus Terminal Concept, value xKblayout.)             - 1.3.6.1.4.1.10098.1.1.1.26``
 gotoProfileServer              (GOto - specifies the profile server)                           - 1.3.6.1.4.1.10098.1.1.11.8``
 fdAccountRDN                   (FusionDirectory - use a placeholder pattern for generating account RDNs)       - 1.3.6.1.4.1.38414.8.12.2``
 gotoScannerEnable              (GOto - Gonicus Terminal Concept, value scannerEnable.)         - 1.3.6.1.4.1.10098.1.1.1.10``
 ghGfxAdapter                   (Hardware definitions, value Grafikkarte)                       - 1.3.6.1.4.1.10098.1.1.2.9``
 gotoFontPath                   (GOto - Gonicus Terminal Concept, value fontPath.)              - 1.3.6.1.4.1.10098.1.1.1.5``
 ghIdeDev                       (Hardware definitions, value ideDev)                            - 1.3.6.1.4.1.10098.1.1.2.4``
 gotoLpdEnable                  (GOto - Gonicus Terminal Concept, value lpdEnable.)             - 1.3.6.1.4.1.10098.1.1.1.9``
 gotoXKbVariant                 (GOto - Gonicus Terminal Concept, value xKbvariant.)            - 1.3.6.1.4.1.10098.1.1.1.27``
 fdRfc2307bis                   (FusionDirectory - rfc2307bis)                                  - 1.3.6.1.4.1.38414.8.10.1``
 gotoAutoFs                     (GOto - Gonicus Terminal Concept, value autofs.)                - 1.3.6.1.4.1.10098.1.1.1.31``
 gotoSndModule                  (GOto - Gonicus Terminal Concept, value sound Modules.)         - 1.3.6.1.4.1.10098.1.1.1.29``
 gotoCdromEnable                (GOto - Gonicus Terminal Concept, value cdromEnable.)           - 1.3.6.1.4.1.10098.1.1.1.8``
 gotoScannerModel               (GOto - Gonicus Terminal Concept, value scannerModel.)          - 1.3.6.1.4.1.10098.1.1.1.40``
 gosaLoginRestriction           (GOsa - Multivalue attribute to carry a number of allowed ips/subnets)  - 1.3.6.1.4.1.10098.1.1.12.46``
 gotoXColordepth                (GOto - Gonicus Terminal Concept, value xColordepth.)           - 1.3.6.1.4.1.10098.1.1.1.21``
 academicTitle                  (Field to represent the academic title)                         - 1.3.6.1.4.1.10098.1.1.6.2``
 fdSnapshotAdminDn              (FusionDirectory - Snaphost admin dn)                           - 1.3.6.1.4.1.38414.8.17.4``
 gotoFilesystem                 (GOto - Gonicus Terminal Concept, value filesystem.)            - 1.3.6.1.4.1.10098.1.1.1.6``
 ghInventoryNumber              (Unique number for inclusion in an inventory)                   - 1.3.6.1.4.1.10098.1.1.2.10``
 gosaSubtreeACL                 (GOsa - ACL entry)                                              - 1.3.6.1.4.1.10098.1.1.12.1``
 fdIdGenerator                  (FusionDirectory - An automatic way to generate new user ids)   - 1.3.6.1.4.1.38414.8.12.4``
 ghUsbSupport                   (Hardware definitions, value usbSupport)                        - 1.3.6.1.4.1.10098.1.1.2.3``
 gotoSysStatus                  (Keeps current system status - info shown in GOsa)              - 1.3.6.1.4.1.10098.1.1.2.11``
 fdCopyPaste                    (FusionDirectory - (de)Activate copy/paste)                     - 1.3.6.1.4.1.38414.8.14.5``
 gotoXDriver                    (GOto - Gonicus Terminal Concept, value xDriver.)               - 1.3.6.1.4.1.10098.1.1.1.28``
 gotoXKbModel                   (GOto - Gonicus Terminal Concept, value xKbmodel.)              - 1.3.6.1.4.1.10098.1.1.1.25``
 fdPersonalTitleInDN            (FusionDirectory - Personal title in dn)                        - 1.3.6.1.4.1.38414.8.12.5``
 gotoLpdServer                  (GOto - Gonicus Terminal Concept, value lpdServer.)             - 1.3.6.1.4.1.10098.1.1.1.4``
 gotoXHsync                     (GOto - Gonicus Terminal Concept, value xHsync.)                - 1.3.6.1.4.1.10098.1.1.1.18``
 gotoProfileFlags               (GOto - Flags for Profile handling - C is for caching)          - 1.3.6.1.4.1.10098.1.1.11.7``
 ghCpuType                      (Hardware definitions, value cpuType)                           - 1.3.6.1.4.1.10098.1.1.2.1``
 gotoXResolution                (GOto - Gonicus Terminal Concept, value xResolution.)           - 1.3.6.1.4.1.10098.1.1.1.20``
 gotoShare                      (GOto - specifies a share)                                      - 1.3.6.1.4.1.10098.1.1.11.9``
 gotoScannerBackend             (GOto - Gonicus Terminal Concept, value scannerBackend.)        - 1.3.6.1.4.1.10098.1.1.1.39``
 fdSnapshotAdminPassword        (FusionDirectory - Snaphost admin password)                     - 1.3.6.1.4.1.38414.8.17.5``
 fdVoicemailContexts            (FusionDirectory - available voicemail contexts)                - 1.3.6.1.4.1.38414.19.11.2``
 gosaDefaultLanguage            (GOsa - Defines the default language for a user)                - 1.3.6.1.4.1.10098.1.1.12.14``
 ghMemSize                      (Hardware definitions, value memSize)                           - 1.3.6.1.4.1.10098.1.1.2.2``
 gotoProfileQuota               (GOto - save quota for home)                                    - 1.3.6.1.4.1.10098.1.1.11.15``
 fdSipContexts                  (FusionDirectory - available sip contexts)                      - 1.3.6.1.4.1.38414.19.11.1``
 fdPhoneConferenceRDN           (FusionDirectory - Phone conference RDN)                        - 1.3.6.1.4.1.38414.19.10.3``
 ghScsiDev                      (Hardware definitions, value scsiDev)                           - 1.3.6.1.4.1.10098.1.1.2.5``
 fdPhoneMacroRDN                (FusionDirectory - Phone macro RDN)                             - 1.3.6.1.4.1.38414.19.10.2``
 ghNetNic                       (Hardware definitions, value Network Device)                    - 1.3.6.1.4.1.10098.1.1.2.8``
 gotoFloppyEnable               (GOto - Gonicus Terminal Concept, value floppyEnable.)          - 1.3.6.1.4.1.10098.1.1.1.7``
 gotoXMouseButtons              (GOto - Gonicus Terminal Concept, value xMouseButtons.)         - 1.3.6.1.4.1.10098.1.1.1.23``
 gotoXMouseType                 (Hardware definitions, value Type of mouse)                     - 1.3.6.1.4.1.10098.1.1.1.34``

Deprecated objectClasses:

goCupsServer                   (CUPS server description)                                       - 1.3.6.1.4.1.10098.1.2.1.23``
gosaCacheEntry                 (GOsa - Class for GOsa caching)                                 - 1.3.6.1.4.1.10098.1.2.1.19.3``
gosaUserTemplate               (GOsa - Class for GOsa User Templates)                          - 1.3.6.1.4.1.10098.1.2.1.19.11``
gosaAccount                    (GOsa - Class for GOsa Accounts)                                - 1.3.6.1.4.1.10098.1.2.1.19.6``
gosaObject                     (GOsa - Class for GOsa settings)                                - 1.3.6.1.4.1.10098.1.2.1.19.1``
  • fusiondirectory-setup –check-deprecated will output a list of dn using old attributes and objectClasses
fusiondirectory-setup --check-deprecated
List LDAP entries using deprecated attributes or objectclasses
cn=fusiondirectory,ou=configs,dc=labo,dc=opensides,dc=be contains an obsolete attribute
cn=fusiondirectory,ou=configs,dc=labo,dc=opensides,dc=be uses the obsolete object class fdAsteriskPluginConf
uid=fd-admin,ou=people,dc=labo,dc=opensides,dc=be uses the obsolete object class gosaAccount
  • fusiondirectory-setup –ldif-deprecated will output an ldif file on the console that you can use with ldapmodify to clean you ldap server from old attributes. If they are old objectClasses it will warn you and you will have to remove it by hand, they have been specified at the fusiondirectory-setup –check-deprecated step.
fusiondirectory-setup –ldif-deprecated
dn:cn=fusiondirectory,ou=configs,dc=labo,dc=opensides,dc=be
changetype:modify delete:fdRfc2307bis
-
delete:fdCopyPaste
-

WARNING: There are entries in the LDAP using obsolete classes, you need to edit them manually

Warning

Please read it carefully before applying !!

Remove old schema from /etc/ldap/schema/fusiondirectory

The old schema are not automatically removed from /etc/ldap/schema/fusiondirectory. You can safely remove recovery-fd.schema and asterisk-fd.conf

Problems when we removing objectClasses

When you remove gosaAccount you can have some troubles.

If you have samba plugin installed you must remove the next attributes on the users where the samba tab is not activate.

  • sambaBadPasswordTime
  • sambaBadPasswordCount
  • sambaNTPassword
  • sambaPwdLastSet

If you use argonaut client tab on some objets

To add the new attribute argonautClientProtocol, you must only open the objets that have an argonaut client tab and save it again.