Re: best practices for backing up ldap configuration

[Howard Chu <hyc@symas.com>]

Khosrow Ebrahimpour wrote:
> On December 14, 2012 07:06:13 PM Michael Ströder wrote:
> > That's what SVN/puppet is for in my current project which generates static
> > configuration files for all the nodes based on templates. We can specify as
> > many MMR replica instances as needed and use the same Puppet manifests for
> > MMR setups in different stages.
> >
> > And that works *much* better than tracking changes to back-config because it
> > is easier to automate configuration without an "internal" state change in a
> > DB.
>
> But managing back-config using any config management tool remains an issue. I
> don't think I can just push the entire slapd.d directory using chef or puppet.

Of course not. slapd.d is a slapd-internal private database. if you're doing 
any manipulation of its contents "You're Doing It Wrong."

Use slapcat -n0 / slapadd -n0. As Documented.

> That's why I thought of tracking the changes.
>
> Having said all that I do agree with you that using a static configuration is
> better suited for this kind of thing.
>
>
> > IIRC the static configuration will be dropped not before 2.5.x is out.
>
> That's good to know, though we are entirely on back-config now.
>
> I found something interesting as well. Openldap seems to ignore dotfiles in
> slapd.d directory. This can help avoid having to check for config changes using
> a script and I can simply commit the entire slapd.d to my VCS.

No. *Never* do anything with the files in slapd.d. Use the slapd management tools.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/