[Date Prev][Date Next] [Chronological] [Thread] [Top]

slow cn=config changes; Re: Correct procedure to backup LDAP?

I'm trying to migrate to a reliable live update mechanism and I have tried using slapcat after putting the directory into read-only mode, but that seems to bring up additional issues.

In OL 2.3.24 with hdb, how supported is it to do the following?
$ ldapmodify
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcReadOnly
olcReadOnly: TRUE


It seems to work, usually in about a second, but sometimes can take upwards of a minute, during which time the directory seems to be in some sort of stop-the-world state where connections just hang, preventing it from being the non-intrusive backup approach I'd hoped for. The CPU usage doesn't spike and the disk usage appears normal. I've seen similar behavior with other cn=config changes.

Has anyone else encountered this? Is it supposed to work better? Any ideas what might be going on or what I should look for? There don't seem to be any runaway polling loops or lwp fights going on. A truss shows a little bit of lwp polling activity and some writes going on, but nothing suspicious like the hang early in 2.3.x when shutting down with gentlehup.

On Mon, 14 Aug 2006, Sameer N Ingole wrote:

Hey all.

I work at a medium-sized software company and we're about 70-100 users
big now.

We have 2 LDAP servers, and they need to be backed up regularly, *while*
LDAP is running - if possible.

I've seen 'slapcat' as a solution, but I've also read that it's not a
good idea to run this command while LDAP is running.

-- Eric Irrgang - UT Austin ITS Unix Systems - (512)475-9342