[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: best practices for backing up ldap configuration

Khosrow Ebrahimpour wrote:
On December 14, 2012 07:06:13 PM Michael Ströder wrote:
That's what SVN/puppet is for in my current project which generates static
configuration files for all the nodes based on templates. We can specify as
many MMR replica instances as needed and use the same Puppet manifests for
MMR setups in different stages.

And that works *much* better than tracking changes to back-config because it
is easier to automate configuration without an "internal" state change in a

But managing back-config using any config management tool remains an issue. I
don't think I can just push the entire slapd.d directory using chef or puppet.

Of course not. slapd.d is a slapd-internal private database. if you're doing any manipulation of its contents "You're Doing It Wrong."

Use slapcat -n0 / slapadd -n0. As Documented.

That's why I thought of tracking the changes.

Having said all that I do agree with you that using a static configuration is
better suited for this kind of thing.

IIRC the static configuration will be dropped not before 2.5.x is out.

That's good to know, though we are entirely on back-config now.

I found something interesting as well. Openldap seems to ignore dotfiles in
slapd.d directory. This can help avoid having to check for config changes using
a script and I can simply commit the entire slapd.d to my VCS.

No. *Never* do anything with the files in slapd.d. Use the slapd management tools.

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/