F43 Change Proposal: 389_Directory_Server_3.2.0 (self-contained)

Wiki - https://fedoraproject.org/wiki/Changes/389_Directory_Server_3.2.0
Discussion thread -
https://discussion.fedoraproject.org/t/f43-change-proposal-389-directory-server-3-2-0-self-contained/156322

This is a proposed Change for Fedora Linux.
This document represents a proposed Change. As part of the Changes
process, proposals are publicly announced in order to receive
community feedback. This proposal will only be implemented if approved
by the Fedora Engineering Steering Committee.

== Summary ==
Starting from 389-ds-base version 3.2.0, the directory server does no
longer supports the deprecated BerkeleyDB, so LDMB database must be
used. Users still using BerkeleyDB will have to migrate their data.


== Owner ==
* Name: 389 Directory Server Development Team
Primary contact:
* Name: [[User:progier| Pierre Rogier]]
* Email: progier (at) redhat (dot) com



== Detailed Description ==
389-ds-base support of BerkeleyDB is deprecated since F40:
[[Changes/389_Directory_Server_3.0.0]]. In F43 with 389-ds-base
version 3.2.0:
* 389-ds-base dependency towards libdb is removed.
* A new 389-ds-base-robdb-libs package implements a BerkeleyDb reader
that allows exporting databases into ldif and performing the migration
toward lmdb. This package should be supported until at least F45

== Feedback ==
No feedback yet.


== Benefit to Fedora ==

Yet another step on the way to remove a deprecated piece of software
no longer supported by the upstream community.
(See https://fedoraproject.org/wiki/Changes/Libdb_deprecated)
A final step is planned in Fedora 46 about removing the
389-ds-base-robdb-libs package and get fully rid of BerkeleyDB support
in 389 Directory Server

== Scope ==
* Proposal owners:
Limited change are needed (Proof of concept exists so what remains is
mostly rebasing the pull request, reviewing the changes and testing
them)

* Other developers: N/A (not needed for this Change)

* Release engineering: [https://pagure.io/releng/issues #Releng issue number]
No coordination needed.

* Policies and guidelines: N/A (not needed for this Change)

* Trademark approval: N/A (not needed for this Change)

* Alignment with the Fedora Strategy:


== Upgrade/compatibility impact ==
* The directory server no longer support the BerkeleyDB implementation
that is obsolete since Fedora 40
[https://fedoraproject.org/wiki/Changes/389_Directory_Server_3.0.0].
* Directory server instances already using lmdb as database are not
impacted. (typically those created with Fedora 40 and after)
* freeipa is not impacted because it already uses lmdb since Fedora 40
* The other applications that use the directory server through LDAP
API are not impacted by the directory server database internal
implementation.
* Data migration is required if the Directory Server instances are
still configured with BerkeleyDB.
* In that case, the data migration should then be performed using
''dsctl dblib bdb2mdb'' command or manually following the 389ds
Berkeley DB deprecation FAQ
[https://www.port389.org/docs/389ds/FAQ/Berkeley-DB-deprecation.html#manual-method---export-to-ldif]
instructions


== Early Testing (Optional) ==
N/A


== How To Test ==
Mainly the test will need to:
* 389-ds-base package should build successfully
* Check that starting instance configured with bdb is failing and logs
an error message (both in dirsrv error log and in the system journal)
telling that database should be upgraded
* Run ''dsctl dblib bdb2mdb'' command
* Check that instance can now be started



== User Experience ==
Directory server instances created since Fedora 40 and using the
default lmdb database are not impacted (that is typically the case for
freeipa users).

But users still using BerkeleyDB (either because they have not yet
migrated or because they explicitly choose to use BerkeleyDB) are
required to migrate to lmdb.

If this step is not done, the instance will not be able to start after
the upgrade and the following error message is displayed in the dirsrv
error log and in the system journal:
''bdb implementation is no longer supported. Directory server cannot
be started without migrating to lmdb first. To migrate, please run:
dsctl instanceName dblib bdb2mdb''

User then needs to migrate the data either using the dsctl command or
manually by following the
https://www.port389.org/docs/389ds/FAQ/Berkeley-DB-deprecation.html#manual-method---export-to-ldif
steps

== Dependencies ==
None


== Contingency Plan ==
* Contingency mechanism: (What to do? Who will do it?) N/A (not a
System Wide Change)
* Contingency deadline: N/A (not a System Wide Change)
* Blocks release? N/A (not a System Wide Change)


== Documentation ==
N/A (not a System Wide Change)


== Release Notes ==

--
Aoife Moloney

Fedora Operations Architect

Fedora Project

Matrix: @amoloney:fedora.im

IRC: amoloney

--
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue