[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: how to maintain OpenLDAP database ?

On Thursday, 12 July 2007, JOYDEEP wrote:
> Aaron Richton wrote:
> > On Wed, 11 Jul 2007, Gabriel Stein wrote:
> >> Hi Joy!
> >>
> >> I suggest you to use slapcat, but its better stop the OpenLDAP.

I will state here that this is false. In my environment it is never good to 
stop slapd. Many environments require formal approval to do something like 
stop slapd (and cron jobs that stop slapd can be career-limiting). All my 
production environments do automated backups to ldif with slapcat while slapd 
is running. This includes 1 environment with ~ 1.5 million entries.

While it could be accurate to say "if you don't need your LDAP server ~ 100% 
available, it can be easier to get a consistent point-in-time backup by 
running slapcat while slapd is not running", what is better for one 
environment may not be for another one.

> >> You 
> >> can make
> >> a crontab task on midnight, or something like.
> >
> > This shouldn't be true in most production configurations (at least, as
> > of 2.3.16ish or so, with bdb/hdb).

While it is good to recommend new versions, IIRC slapcat on bdb has been safe 
since 2.2.x was marked RELEASE (2.2.7?).

> > This is the case with legacy 
> > configurations (e.g. ldbm), hence the documentation warning...
> Hi Aaron, Gabriel,matthew and others,
> thanks a lot for ur kind response.
> Thanks Gabriel for your script .

I would suggest you avoid using a trivial script which has no error checking 
etc. which may not even work in your environment.

> Yes Aaron I'm using "bdb" database.
> I'm little confused here as Gabriel and matthew have suggested for
> slapcat but u r not in favour for that in case of "bdb" database.
> So what would be the solution ?

The best solution for an ldif backup is to use slapcat.

> Again slapcat is for backup. Is there any command for  maintenance and
> repair the bdb database ?

With OpenLDAP 2.3, slapd does all maintenance, if you have configured the 
checkpoint setting, and if you have set the database environment to 
auto-remove transaction log files. If you do not want transaction log files 
to be automatically removed, you need to have a cron job to clean them up.

I wrote some scripts for this, which ship in the Mandriva packages (and run 
daily by default). You need at least ldap-common and ldap-hot-db-backup from:



Buchan Milne
ISP Systems Specialist - Monitoring/Authentication Team Leader

Attachment: pgpYwYT7vJhk9.pgp
Description: PGP signature