[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Is putting slapd into read-only mode sufficient for backups?

On Tuesday, 7 February 2012 23:53:52 Brian Reichert wrote:
> I'm curious if the tactics described in this thread are currently
> sufficient:
>   http://www.openldap.org/lists/openldap-software/200608/msg00152.html
> The thread overall suggests the tried-and-true tactic of using
> slapcat to extract and LDIF file, to be imported later.  But, our
> application's DB if large enough that reimportation is prohibitive.
> We're using OpenLDAP 2.3.43 under CentOS 5.7.
> What we're doing currently is:
> - stopping slapd


> - using db_checkpoint and db_archive to manage the BDB logs
> - copy away the directory
> - restart slapd
> This results in a window of time during which the LDAP server is not
> available.
> My hope was that my managing the olcReadOnly attribute via the
> config database (or as that cited message in the thread suggests,
> use the monitor database), we could perform those middle two steps
> while leaving a RO server in place.

In my environment, write downtime *is* downtime.

My approach has been to follow the Berkeley DB recommendations for backing up 
the database and archive logs.

While we have never had to actually restore from backup, all testing that I 
did in the past worked reliably.

My implementation is shipped in my openldap packages (with symlinks in cron.* 
enabled for daily backups by default), you can find the scripts here: