[Date Prev][Date Next]
confusing manpage for slapcat for backup
- To: firstname.lastname@example.org
- Subject: confusing manpage for slapcat for backup
- From: hai wu <email@example.com>
- Date: Tue, 6 Apr 2010 20:45:46 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:received:message-id :subject:from:to:content-type; bh=m5vacfs9D50iWlJrMja78EYBE9Cyi9VLdc0+jbktrHQ=; b=r5RAuIIm2x/rxy0dwsKYHAGrZ15sF2DTtqnSlOt3IP3vkOPCtOIB/TfL6prvS13qMR 2F5yAjqlMxlAkKfJKFqxK9gHqXsn0yW7uBP3bM4pZ1Dora8JPkC4pacWl+MLw3HAdEwX wcxMLO+d2FN6b9+Pce1kIXxoLd/uAiu3uHTNw=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=oKwbbYxjPigcFewduFHQ6EuDuKJSDHdEAltevDBwGb/D1JNtaoyMy8OK3r3QjbmYsV yi/ZPLeCmr1rKcoKK7Sq8TJKeRqGRs1LEKE2ripKdtbhmQUFdgpSVdpmbwW9fhwagJHw MGidDDR8N8Bz7SBWn031+2gaLhn4CuNWao+DA=
I have some questions:
When I look at manpage for slapcat from openldap-servers-2.3.27-5 in Centos5.0, it says:
In general, your slapd(8) should not be running (at least, not in read-
write mode) when you do this to ensure consistency of the database.
But when I look at its manpage from openldap-servers-2.3.43-3.el5 in Centos5.4, it says:
For some backend types, your slapd(8) should not be running (at least,
not in read-write mode) when you do this to ensure consistency of the
database. It is always safe to run slapcat with the slapd-bdb(5),
slapd-hdb(5), and slapd-null(5) backends.
Question 1: Is it always safe to run slapcat with slapd running even for openldap-servers-2.3.27-5 in Centos5?
The administration guide for OpenLDAP 2.4 at http://www.openldap.org/doc/admin24/maintenance.html explains more on this, I quote:
"2. Periodically run slapcat and back up the LDIF file:
Slapcat can be run while slapd is active. However, one runs the risk
of an inconsistent database- not from the point of slapd, but from the
point of the applications using LDAP. For example, if a provisioning
application performed tasks that consisted of several LDAP operations,
and the slapcat took place concurrently with those operations, then
there might be inconsistencies in the LDAP database from the point of
view of that provisioning application and applications that depended on
it. One must, therefore, be convinced something like that won't happen.
One way to do that would be to put the database in read-only mode while
performing the slapcat. The other disadvantage of this approach is that
the generated LDIF files can be rather large and the accumulation of
the day's backups could add up to a substantial amount of space.
You can use slapcat(8) to generate an LDIF file for each of your slapd(8) back-bdb or back-hdb databases.
slapcat -f slapd.conf -b "dc=example,dc=com"
For back-bdb and back-hdb, this command may be ran while slapd(8) is running."Question 2: Is the above also true for openldap-servers-2.3.27-5 in Centos5?
Question 3: How to put the database in read-only mode while performing the slapcat? Is there anyone who's doing this just to make sure for consistent backup?