hai wu wrote:
I have some questions:
When I look at manpage for slapcat from openldap-servers-2.3.27-5 in Centos5.0, it says:
LIMITATIONS In general, your slapd(8) should not be running (at least, not in read- write mode) when you do this to ensure consistency of the database.
That depends on what database backend you are using, I think that is for the old ldbm backend, so make sure which one you are using, check the "database" directive.
But when I look at its manpage from openldap-servers-2.3.43-3.el5 in Centos5.4, it says:
LIMITATIONS For some backend types, your slapd(8) should not be running (at least, not in read-write mode) when you do this to ensure consistency of the database. It is always safe to run slapcat with the slapd-bdb(5), slapd-hdb(5), and slapd-null(5) backends.
Probably they introduced bdb and hdb backends, or since that version the team openldap updated the man page, if unsure read the ChangeLog.
Question 1: Is it always safe to run slapcat with slapd running even for openldap-servers-2.3.27-5 in Centos5?
See fist answer.
The administration guide for OpenLDAP 2.4 at http://www.openldap.org/doc/admin24/maintenance.html explains more on this, I quote:
"2. Periodically run slapcat and back up the LDIF file:
Slapcat can be run while slapd is active. However, one runs the risk of an inconsistent database- not from the point of slapd, but from the point of the applications using LDAP. For example, if a provisioning application performed tasks that consisted of several LDAP operations, and the slapcat took place concurrently with those operations, then there might be inconsistencies in the LDAP database from the point of view of that provisioning application and applications that depended on it. One must, therefore, be convinced something like that won't happen. One way to do that would be to put the database in read-only mode while performing the slapcat. The other disadvantage of this approach is that the generated LDIF files can be rather large and the accumulation of the day's backups could add up to a substantial amount of space.
You can use /slapcat/(8) to generate an LDIF file for each of your /slapd/(8) back-bdb or back-hdb databases.
slapcat -f slapd.conf -b "dc=example,dc=com"For back-bdb and back-hdb, this command may be ran while slapd(8) is running."
Question 2: Is the above also true for openldap-servers-2.3.27-5 in Centos5?
fist question :).
Question 3: How to put the database in read-only mode while performing the slapcat? Is there anyone who's doing this just to make sure for consistent backup?
You can always read the slapd man page for more options.
Thanks, Hai