backing up ldapd data

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

backing up ldapd data

Allan Streib-2
With OpenLDAP slapd I would run slapcat periodically to dump out the
directory in LDIF format for backup.

What is the best approach for backing up ldapd?

Thanks,

Allan

Reply | Threaded
Open this post in threaded view
|

Re: backing up ldapd data

Roderick

On Fri, 23 Aug 2019, Allan Streib wrote:

> With OpenLDAP slapd I would run slapcat periodically to dump out the
> directory in LDIF format for backup.
>
> What is the best approach for backing up ldapd?

Good to know that not only I have problems learning the most
elementary things about (open)ldap. I also would like to know
the answer to this question. I also would do what the OP does,
but also save the configuration (slapcat -b cn=config) that
is also stored as ldap. Or perhaps the solution is to see where
openldap saves the data in the file system and back up that as
normal files.

At some point, with a lot of effort, I did undestood the simple
principles of how this hierarchical db works. But it is inflated,
also all documentation, with something that has the taste of big
burocracy. ldap is awful.

Rodrigo

Reply | Threaded
Open this post in threaded view
|

Re: backing up ldapd data

Joel Carnat
On Sat, Aug 24, 2019 at 12:02:10PM +0000, Roderick wrote:

>
> On Fri, 23 Aug 2019, Allan Streib wrote:
>
> > With OpenLDAP slapd I would run slapcat periodically to dump out the
> > directory in LDIF format for backup.
> >
> > What is the best approach for backing up ldapd?
>
> Good to know that not only I have problems learning the most
> elementary things about (open)ldap. I also would like to know
> the answer to this question. I also would do what the OP does,
> but also save the configuration (slapcat -b cn=config) that
> is also stored as ldap. Or perhaps the solution is to see where
> openldap saves the data in the file system and back up that as
> normal files.
>
> At some point, with a lot of effort, I did undestood the simple
> principles of how this hierarchical db works. But it is inflated,
> also all documentation, with something that has the taste of big
> burocracy. ldap is awful.
>

FWIW, I run something like:
# ldapsearch -x -H ldaps://myserver -D "cn=admin,dc=ldap" -W \
  -b "dc=ldap" -LLL > ldapd-"`date +%Y%m%d`".ldif

This can be imported back later on.

I once had an issue with unreadable password when importing a dump from
i386 to amd64 server. But from amd64 to another amd64 server, no issue.