...
Stop the daemons that are running in old Active Node (SSO Node1) and Newly upgraded SSO Node (New Active Node) :
Code Block /etc/init.d/ubilogin-server stop /etc/init.d/ubilogin-directory stop /etc/init.d/ubisecure-accounting stop
Take a backup from Ubisecure Directory of the old SSO Node1
Code Block /usr/local/ubisecure/ubilogin-sso/openldap/libexec/slapd -T cat -f "/usr/local/ubisecure/ubilogin-sso/openldap/etc/openldap/slapd.conf" -l /home/ubilogin/database.ldif
Clean up data directory from New SSO Node1 (Newly upgraded Node)
Code Block cd /usr/local/ubisecure/ubilogin-sso/openldap/var/openldapm-db/cn=Ubilogin,dc=sso,dc=example,dc=com (delete all files inside) rm -rf *
Move backup taken in Step2 to New SSO Node1
Import data from backup file to New SSO Node1
Code Block /usr/local/ubisecure/ubilogin-sso/openldap/libexec/slapd -T add -f "/usr/local/ubisecure/ubilogin-sso/openldap/etc/openldap/slapd.conf" -l /home/ubilogin/database.ldif
Start the ubilogin-directory daemon:
Code Block systemctl start ubilogin-directory
Important: Add new entries and update LDAP secrets into OpenLDAP, ignore warnings about e.g. existing entries
Code Block cd /usr/local/ubisecure/ubilogin-sso/ubilogin ./ldap/openldap/import-changes.sh
Also, import initial-key
Code Block cd /usr/local/ubisecure/ubilogin-sso/ubilogin ./ldap/openldap/import.sh ./ldap/initial-key.ldif
Now start ubilogin-server and ubisecure-accounting service.
Code Block systemctl start ubilogin-server systemctl start ubisecure-accounting
Verify logs and login into SSO management console
If everything looks ok, - switch traffic to this upgraded node .
...