[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: backup (was: slapcat cannot open database - why?)

First of all, replicas _are_ backups. You want a complete, live
backup? Add a replica. You want a complete, live, backup and
failover system? Add a few live replicas in different locations, with
round-robin dns (primitive) or a load balancing router and/or
switch (advanced). I have three, on three different Internet
backbones, with two on the US east coast (NJ) and one in

You want flat file dumps for your backups?  I use a cron
script on an additional invisible replica (there's no user
connections to it, so taking it off-line doesn't matter for anything
but slurpd).

It takes the server off-line for a few seconds, copies id2entry,
and then brings the silent replica back online. It then converts
the *copied* file to ldif format (I use ldbm, man ldbmcat),
so the online real downtime on this invisible replica is for
copying (about 2 seconds) and reloading slapd. If that takes
too long, (or yours much takes longer), you might be disk bound,
and want to get into a U2W SCSI RAID 0 config, where copying a
few million entries takes about.... a second. Not that it
matters, because it's a silent replica, so being off-line makes
no difference in user-space.

There's also a Perl script in the FAQ-o-matic, which works well
if your tree is limited in sub-entries per branch, but as others
have noted, this can be a problem if your sizelimit or time limit
are exceeded in one branch (say, 10,000 entries in one branch.)...
Of course, you can also easily edit that script to do smaller
subsearches, thus eliminating the issue of the limit entirely.

> From: Roland Rosenfeld [mailto:rosenfeld@netcologne.de]
> But this doesn't help me with my initial problem: I want to backup the
> LDAP server.  Is it safe to backup the gdbm files only?  I personally
> would prefer to backup a LDIF file, which can also be used on a
> machine with a different hardware architecture.

I do both. One is good for fast restore, the other is more helpful
in situations of corruption. You might want to weigh the costs of
the available back-end tools vs ways of tuning front-end performance
(i.e., if ldbmcat won't work with gdbm, and you need faster performance,
would more replicas solve your db problems?)

>  That's why I was
> looking for slapcat.  But on a production machine I cannot stop slapd
> while running slapcat, because the server needs to be available all
> the time. 
> So my new question is: how do you backup the data of your LDAP servers?

On a different, non-user-accessable, replica machine. When load is low,
and the edits are light.

Personal:  ron@opus1.com, 520-326-6109, http://www.opus1.com/ron/
Work: rchmara@pnsinc.com, 520-546-8993, http://www.pnsinc.com/
The opinions expressed in this email are not necessarily those of myself,
my employers, or any of the other little voices in my head.