[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Emergency recovery strategy needed by novice

To: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Subject: RE: Emergency recovery strategy needed by novice
From: "Mackey, Theral" <tmackey@zetta.net>
Date: Fri, 7 Jan 2011 20:02:26 +0000
Accept-language: en-US
Acceptlanguage: en-US
Content-language: en-US
In-reply-to: <4D2766B2.8060602@gmail.com>
References: <Pine.LNX.4.33.1101071111140.12517-100000@denzel.in> <4D2766B2.8060602@gmail.com>
Thread-index: AcuuoEdOeihaYJIyRIGi/LV7ZUEBxwAAxIWg
Thread-topic: Emergency recovery strategy needed by novice

> > Further thoughts? Can I harness the ability to connect to get the
> data out
> > even when I don't know the first thing about the data I want to
> fetch,
> > similar to the slapcat command above?
> 
> *if* you can connect to the LDAP server, then you can also fetch all
> the
> Data as LDIF. You just have to know the admin  user (and password) to
> be
> sure you get all the data from the LDAP server.
> 
> You'll then just have to inject them in your slave server.
> 
> Now, there are more than just the entries, you'll have to deal with the
> server configuration : schemas, index, etc.
> 
> If you just want to get back the data, then using a tool like Apache
> Directory Studio, LdapBrower, JExplore, etc could help. They all allows
> you to connect using only LDAP, and get back the data. You can even use
> a command line tool like ldapsearch, which can be installed easily - if
> it's not already present.
> 
> Hope it helps, because your story sounds like a nightmare ...
> 

Also man ldapsearch(1)

ldapsearch -x -LLL -H 'ldap://hostname/' -d 'cn=Manager,dc=example,dc=com' -w password '(objectClass=*)' * + > backup.ldiff

change the ldap:// to ldaps:// if needed

the cn=Manager,dc=example,dc=com will need to be your manager/admin user DN (defined in your slapd config, cn=Manager is default/typical, dc=example,dc=com is your root/base DN, probably your company's domain broken into components)

if you use -W to have it prompt for pass, the prompt will get redirected with stdout into your file, so type it when its sitting on the newline.

This will also give an ldif that should be able to be imported via slapadd (with slapd stopped, see ldapadd/ldapmodify for doing stuff while its running). As this is the whole DB, you probably want to move your ldap db out of the way first if the target system already had a running slapd (mv /var/lib/ldap /var/lib/ldap.bak for debian defaults), mkdir a new ldap data dir and cp your old DB_CONFIG file into it (if you don't have one of these, don't worry, it will work without it but slower). 

-T

References:
- Re: Emergency recovery strategy needed by novice
  - From: Richard Troy <rtroy@ScienceTools.com>
- Re: Emergency recovery strategy needed by novice
  - From: Emmanuel Lecharny <elecharny@gmail.com>

Prev by Date: RE: Strange behavior with TLS with self-signed certs
Next by Date: RE: Strange behavior with TLS with self-signed certs
Index(es):
- Chronological
- Thread