[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: how to maintain OpenLDAP database ?

To: Buchan Milne <bgmilne@staff.telkomsa.net>
Subject: Re: how to maintain OpenLDAP database ?
From: JOYDEEP <j.bakshi@unlimitedmail.org>
Date: Thu, 12 Jul 2007 12:24:36 +0530
Cc: openldap-software@openldap.org
In-reply-to: <200707120833.44228.bgmilne@staff.telkomsa.net>
References: <4694BE6F.4050709@unlimitedmail.org> <Pine.SOC.4.64.0707111005240.2445@toolbox.rutgers.edu> <4695AC68.6050400@unlimitedmail.org> <200707120833.44228.bgmilne@staff.telkomsa.net>
User-agent: Thunderbird 1.5 (X11/20060317)

Buchan Milne wrote:

Hi Buchan,

Thanks for your constructive discussion. I'm using OpenLDAP in a
production system where Email authentication is based on it.
Hence it is not possible to stop the OpenLDAP  for backup and repairing.
That's why I am very much interested to know the techniques to  do  a 
backup  and  repairing with running OpenLDAP.
could you please enlighten me ?  I'm using suse 9.3 here
thanks
> On Thursday, 12 July 2007, JOYDEEP wrote:
>   
>> Aaron Richton wrote:
>>     
>>> On Wed, 11 Jul 2007, Gabriel Stein wrote:
>>>       
>>>> Hi Joy!
>>>>
>>>> I suggest you to use slapcat, but its better stop the OpenLDAP.
>>>>         
>
> I will state here that this is false. In my environment it is never good to 
> stop slapd. Many environments require formal approval to do something like 
> stop slapd (and cron jobs that stop slapd can be career-limiting). All my 
> production environments do automated backups to ldif with slapcat while slapd 
> is running. This includes 1 environment with ~ 1.5 million entries.
>
> While it could be accurate to say "if you don't need your LDAP server ~ 100% 
> available, it can be easier to get a consistent point-in-time backup by 
> running slapcat while slapd is not running", what is better for one 
> environment may not be for another one.
>
>   
>>>> You 
>>>> can make
>>>> a crontab task on midnight, or something like.
>>>>         
>>> This shouldn't be true in most production configurations (at least, as
>>> of 2.3.16ish or so, with bdb/hdb).
>>>       
>
> While it is good to recommend new versions, IIRC slapcat on bdb has been safe 
> since 2.2.x was marked RELEASE (2.2.7?).
>
>   
>>> This is the case with legacy 
>>> configurations (e.g. ldbm), hence the documentation warning...
>>>       
>> Hi Aaron, Gabriel,matthew and others,
>>
>> thanks a lot for ur kind response.
>> Thanks Gabriel for your script .
>>     
>
> I would suggest you avoid using a trivial script which has no error checking 
> etc. which may not even work in your environment.
>
>   
>> Yes Aaron I'm using "bdb" database.
>> I'm little confused here as Gabriel and matthew have suggested for
>> slapcat but u r not in favour for that in case of "bdb" database.
>> So what would be the solution ?
>>     
>
> The best solution for an ldif backup is to use slapcat.
>
>   
>> Again slapcat is for backup. Is there any command for  maintenance and
>> repair the bdb database ?
>>     
>
> With OpenLDAP 2.3, slapd does all maintenance, if you have configured the 
> checkpoint setting, and if you have set the database environment to 
> auto-remove transaction log files. If you do not want transaction log files 
> to be automatically removed, you need to have a cron job to clean them up.
>
> I wrote some scripts for this, which ship in the Mandriva packages (and run 
> daily by default). You need at least ldap-common and ldap-hot-db-backup from:
>
> http://svn.mandriva.com/cgi-bin/viewvc.cgi/packages/cooker/openldap/current/SOURCES/
>
> Regards,
> Buchan
>
>

References:
- how to maintain OpenLDAP database ?
  - From: JOYDEEP <j.bakshi@unlimitedmail.org>
- Re: how to maintain OpenLDAP database ?
  - From: Aaron Richton <richton@nbcs.rutgers.edu>
- Re: how to maintain OpenLDAP database ?
  - From: JOYDEEP <j.bakshi@unlimitedmail.org>
- Re: how to maintain OpenLDAP database ?
  - From: Buchan Milne <bgmilne@staff.telkomsa.net>

Prev by Date: Re: Can only ldapsearch localhost but NOT the actual server name
Next by Date: ldapadd.c - reg.
Index(es):
- Chronological
- Thread