/* $Id: UPDATE,v 1.1.2.2 2005/02/24 14:30:22 ceb Exp $ */

this text explains a step-by-step migration from old (0.9.14)
LDAP Accounts to the new version of LDAP Accounts/Groups (0.9.16).

1. Make a backup of your existing LDAP
  - Make sure you are 'root'

  - Stop your LDAP server
    >/etc/init.d/slapd stop (debian)

  - Locate your LDAP repository directory and make a backup
    >tar cvzf ~/ldap_bak.tar.gz /var/lib/ldap

  - Restart your LDAP server
    >/etc/init.d/slapd start

2. Get all accounts/groups for the phpgw 0.9.14 in your LDAP

   - Search for all phpgw accounts
     -h <ldaphost>
     -D <bindDN>
      (you don't need this one if you allow anonymous access
       to your LDAP)
     -x simple bind
     -W ask for password
      (you don't need this one if you allow anonymous access
       to your LDAP)
     -b <baseDN> of your basedn with the phpgw accounts

   >ldapsearch -h localhost -D cn=Manager,dc=yourdomain,dc=yourcountry
-x -W -b ou=accounts,dc=yourdomain,dc=yourcountry
"(&(objectclass=phpgwAccount)(phpgwAccountType=u))" >
~/phpgwAccounts.ldif

   - Search for all phpgw groups
     Just change the 'u' to 'g' and the target file in the command:

   >ldapsearch -h localhost -D cn=Manager,dc=yourdomain,dc=yourcountry
-x -W -b ou=accounts,dc=yourdomain,dc=yourcountry
"(&(objectclass=phpgwAccount)(phpgwAccountType=g))" > ~/phpgwGroups.ldif

3. Delete all old 0.9.14 LDAP entries.
   - The easiest way to delete these entries is to use the gq
     application to delete the hole baseDN for your phpgw accounts and
     groups; and to only recreate this baseDN again.

   - Make sure you delete all addressbook entries in your LDAP as well.
     The new contact backend doesn't allow LDAP as a repository.
     Sorry for that.

4. Change LDAP schema
   - Once you have deleted all old phpgw 0.9.14 entries stop your
     LDAP server again.
   - Edit your LDAP server configuration file:
     >vi /etc/ldap/slapd.conf  (debian)
     
   - Locate following line in the config file:
     include         /etc/openldap/schema/phpgwaccount.schema

   - Change it to:
     include         /etc/openldap/schema/phpgroupware.schema

   - Locate following line in the config file:
     include         /etc/openldap/schema/phpgwcontact.schema
   - Remove this line

   - Restart your LDAP server

5. Adapt your exported ldif file for accounts:

   - Edit your exported phpgwAccounts.ldif file:
   >vi ~/phpgwAccounts.ldif

   - Each ldif entry (they are separated by a blank line)
     must be altered either by hand or by search/replace
     statements

   - Make sure each ldif entry only have following
     objectclasses:

     objectClass: posixAccount
     objectClass: account
     objectClass: phpgwAccount

    - Delete all lines with
      
      phpgwAccountType:
    
      at the beginning

    - Replace following attributes:
      
      phpgwAccountLastLogin:  to (->)  phpgwLastLogin:
      phpgwAccountLastLoginFrom: -> phpgwLastLoginFrom:

    - Add an additional attribute and give it the uidnumber value
    
      phpgwAccountID: <uidnumber of this ldap entry>

    - remove all line under following line:
      # search result

6. Adapt your exported ldif file for groups:

   - Make sure each ldif entry only have following
     objectclasses:

     objectClass: posixGroup
     objectClass: phpgwGroup

    - Delete all lines with
      
      phpgw
      userPassword:
    
      at the beginning

    - Add an additional attribute and give it the gidnumber value
    
      phpgwGroupID: <gidnumber of this ldap entry>

    - remove all line under following line:
      # search result

7. Import your accounts/groups to ldap again

    >ldapadd -h localhost -D cn=Manager,dc=yourdomain,dc=yourcountry -x
-W  -f ~/phpgwGroups.ldif

    >ldapadd -h localhost -D cn=Manager,dc=yourdomain,dc=yourcountry -x
-W  -f ~/phpgwAccounts.ldif


These update instructions ONLY are valid if you want to update
the phpgroupware.schema file (Version 1.0) from 0.9.16-RC2
to the phpgroupware.schema file (Version 1.1)
See the phpgroupware.schema file to get your current version.

	1. Make a backup copy of your LDAP database.
		In most cases you just have to backup the directory
		"/var/lib/ldap/"
		
	2. Export all existing phpgw-accounts to a file:
	
		ldapsearch -x -W -h <ldap host> -D <binddn> -b <basedn> objectclass=phpgwAccount > /tmp/export.ldif

		Replace <ldap host> (for example: localhost)
		Replace <binddn> (for example: cn=admin,dc=probusiness,dc=de)
		Replace <basedn> (for example: ou=people,dc=probusiness,dc=de)
		
		You will find all your phpgw accounts in the file /tmp/export.ldif
		
	3. Delete all phpgw-accounts:
		
		To get a complete list of all DNs we have to delete, type in
		following command:
		
		cat /tmp/export.ldif | grep dn:
		
		Following command will delete ONE LDAP entry:
		
		ldapdelete -h <ldap host> -D <binddn> -x -W "<dn>"
		
		Replace <dn> with one DN of the list.
		Repeat the ldapdelete command for all DNs of your list.
		
	4. Alter your export.ldif file:
		Edit the export.ldif file and
		
		search for: accountStatus
		replace it with: phpgwAccountStatus
		
		search for: accountExpires
		replace it with: phpgwAccountExpires

		search for: lastLogin
		replace it with: phpgwLastLogin

		search for: lastLoginFrom
		replace it with: phpgwLastLoginFrom

		search for: lastPasswordChange
		replace it with: phpgwLastPasswordChange
		
		Save the export.ldif file.
		
	5. Replace schema file:
		
		Stop your LDAP server:
		/etc/init.d/slapd stop (debian)
		/etc/init.d/ldap stop (suse)
		
		Replace the phpgroupware.schema file with the actual version.
		
		Start you LDAP server again:
		/etc/init.d/slapd start
		/etc/init.d/ldap start
		
	6. Import the export.ldif file:
		
		ldapadd -h <ldap host> -D <binddn> -x -W -f /tmp/export.ldif
		