Re: Is putting slapd into read-only mode sufficient for backups?

[Buchan Milne <bgmilne@staff.telkomsa.net>]

On Tuesday, 7 February 2012 23:53:52 Brian Reichert wrote:
> I'm curious if the tactics described in this thread are currently
> sufficient:
> 
>   http://www.openldap.org/lists/openldap-software/200608/msg00152.html
> 
> The thread overall suggests the tried-and-true tactic of using
> slapcat to extract and LDIF file, to be imported later.  But, our
> application's DB if large enough that reimportation is prohibitive.
> 
> We're using OpenLDAP 2.3.43 under CentOS 5.7.
> 
> What we're doing currently is:
> 
> - stopping slapd

Why?

> - using db_checkpoint and db_archive to manage the BDB logs
> - copy away the directory
> - restart slapd
> 
> This results in a window of time during which the LDAP server is not
> available.
> 
> My hope was that my managing the olcReadOnly attribute via the
> config database (or as that cited message in the thread suggests,
> use the monitor database), we could perform those middle two steps
> while leaving a RO server in place.

In my environment, write downtime *is* downtime.

My approach has been to follow the Berkeley DB recommendations for backing up 
the database and archive logs.

While we have never had to actually restore from backup, all testing that I 
did in the past worked reliably.

My implementation is shipped in my openldap packages (with symlinks in cron.* 
enabled for daily backups by default), you can find the scripts here:
http://svnweb.mageia.org/packages/cauldron/openldap/current/SOURCES/ldap-hot-
db-backup?view=log
http://svnweb.mageia.org/packages/cauldron/openldap/current/SOURCES/ldap-
common?view=log

Regards,
Buchan