On Tuesday, 7 February 2012 23:53:52 Brian Reichert wrote: > I'm curious if the tactics described in this thread are currently > sufficient: > > http://www.openldap.org/lists/openldap-software/200608/msg00152.html > > The thread overall suggests the tried-and-true tactic of using > slapcat to extract and LDIF file, to be imported later. But, our > application's DB if large enough that reimportation is prohibitive. > > We're using OpenLDAP 2.3.43 under CentOS 5.7. > > What we're doing currently is: > > - stopping slapd
Why? > - using db_checkpoint and db_archive to manage the BDB logs > - copy away the directory > - restart slapd > > This results in a window of time during which the LDAP server is not > available. > > My hope was that my managing the olcReadOnly attribute via the > config database (or as that cited message in the thread suggests, > use the monitor database), we could perform those middle two steps > while leaving a RO server in place. In my environment, write downtime *is* downtime. My approach has been to follow the Berkeley DB recommendations for backing up the database and archive logs. While we have never had to actually restore from backup, all testing that I did in the past worked reliably. My implementation is shipped in my openldap packages (with symlinks in cron.* enabled for daily backups by default), you can find the scripts here: http://svnweb.mageia.org/packages/cauldron/openldap/current/SOURCES/ldap-hot- db-backup?view=log http://svnweb.mageia.org/packages/cauldron/openldap/current/SOURCES/ldap- common?view=log Regards, Buchan
