hai wu wrote: > I have some questions: > > When I look at manpage for slapcat from openldap-servers-2.3.27-5 in > Centos5.0, it says: > > LIMITATIONS > In general, your slapd(8) should not be running (at least, not > in read- > write mode) when you do this to ensure consistency of the database. That depends on what database backend you are using, I think that is for the old ldbm backend, so make sure which one you are using, check the "database" directive. > > But when I look at its manpage from openldap-servers-2.3.43-3.el5 in > Centos5.4, it says: > > LIMITATIONS > For some backend types, your slapd(8) should not be running > (at least, > not in read-write mode) when you do this to ensure > consistency of the > database. It is always safe to run slapcat with the > slapd-bdb(5), > slapd-hdb(5), and slapd-null(5) backends. Probably they introduced bdb and hdb backends, or since that version the team openldap updated the man page, if unsure read the ChangeLog. > > Question 1: Is it always safe to run slapcat with slapd running even > for openldap-servers-2.3.27-5 in Centos5? See fist answer. > > The administration guide for OpenLDAP 2.4 at > http://www.openldap.org/doc/admin24/maintenance.html explains more on > this, I quote: > > "2. Periodically run slapcat and back up the LDIF file: > > Slapcat can be run while slapd is active. However, one runs the risk > of an inconsistent database- not from the point of slapd, but from the > point of the applications using LDAP. For example, if a provisioning > application performed tasks that consisted of several LDAP operations, > and the slapcat took place concurrently with those operations, then > there might be inconsistencies in the LDAP database from the point of > view of that provisioning application and applications that depended > on it. One must, therefore, be convinced something like that won't > happen. One way to do that would be to put the database in read-only > mode while performing the slapcat. The other disadvantage of this > approach is that the generated LDIF files can be rather large and the > accumulation of the day's backups could add up to a substantial amount > of space. > > You can use /slapcat/(8) to generate an LDIF file for each of your > /slapd/(8) back-bdb or back-hdb databases. > > slapcat -f slapd.conf -b "dc=example,dc=com" > > > For back-bdb and back-hdb, this command may be ran while slapd(8) is > running." > > Question 2: Is the above also true for openldap-servers-2.3.27-5 in > Centos5? fist question :). > > Question 3: How to put the database in read-only mode while performing > the slapcat? Is there anyone who's doing this just to make sure for > consistent backup? > You can always read the slapd man page for more options. > Thanks, > Hai
Attachment:
signature.asc
Description: OpenPGP digital signature