Hi listers
version on the main server: openldap-2.2.17
On this site, we use openldap to manage the entire mail system. We do a backup of the directory each night at 1 o'clock. The ldap service is distributed on three servers, which are kept synced by the slurp daemon.
Before doing the backup, we restart the main openldap server with a configuration with "readonly on" set for the directory database: /etc/init.d/ldap.readonly restart
Then we do
/usr/local/openldap/sbin/slapcat -f /usr/local/openldap/etc/openldap/slapd.conf -l $HOME/backup/backup_file
After having done that, we restart the openldap server with a configuration with "readonly off" set for the directory database: /etc/init.d/ldap restart
This means: we are using the normal restart procedure from the /etc/init.d directory, because the openldap server may not have (?) a reload feature via the SIGHUP signal to make it reread the config-file.
Every now and then, we get a message from the postfix server that the ldap server has not been accessible when it tried to retrieve mail-parameters in the time between 1.00 and 1.09 in the night ("temporary lookup failure"), which means that the openldap server cannot be accessed during this time. This seems a very long time (9 minutes).
My questions:
Can I set and clear the readonly flag for the directory using a direct command to the server, in order not to have to restart the server twice?
Can I omit setting the readonly flag altogether before doing the slapcat?
Is there another method to restart the openldap server much faster than via this method? E.g. can I send the openldap server a SIGHUP flag directly and not go through the /etc/init.d/ldap restart procedure?
Any reply will be appreciated, thanks in advance.
suomi