On Tuesday, 7 February 2012 23:53:52 Brian Reichert wrote:
I'm curious if the tactics described in this thread are currently sufficient:
http://www.openldap.org/lists/openldap-software/200608/msg00152.html
The thread overall suggests the tried-and-true tactic of using slapcat to extract and LDIF file, to be imported later. But, our application's DB if large enough that reimportation is prohibitive.
We're using OpenLDAP 2.3.43 under CentOS 5.7.
What we're doing currently is:
- stopping slapd
Why?
- using db_checkpoint and db_archive to manage the BDB logs
- copy away the directory
- restart slapd
This results in a window of time during which the LDAP server is not available.
My hope was that my managing the olcReadOnly attribute via the config database (or as that cited message in the thread suggests, use the monitor database), we could perform those middle two steps while leaving a RO server in place.
In my environment, write downtime *is* downtime.
My approach has been to follow the Berkeley DB recommendations for backing up the database and archive logs.
While we have never had to actually restore from backup, all testing that I did in the past worked reliably.
My implementation is shipped in my openldap packages (with symlinks in cron.* enabled for daily backups by default), you can find the scripts here: http://svnweb.mageia.org/packages/cauldron/openldap/current/SOURCES/ldap-hot... db-backup?view=log http://svnweb.mageia.org/packages/cauldron/openldap/current/SOURCES/ldap- common?view=log
Regards, Buchan