If you're using LDAP with the BDB backend, there are two ways to back up your LDAP server:
1. from any client via ldapsearch
2. on the LDAP server via slapcat
To create a backup of your entire DIT you can run ldapsearch:
# ldapsearch -x -w password -D 'cn=ldapadmin,dc=example,dc=com' -b 'dc=example,dc=com' -LLL > backup.ldif
This will store the DIT in backup.ldif. The disadvantage is that you have to provide the password to the command whenever it runs automatically (e.g. in a cron job).
To restore the DIT use ldapadd. First delete the DIT:
# ldapdelete -x -W -D 'cn=ldapadmin,dc=example,dc=com' 'dc=example,dc=com' -r
Enter LDAP Password:
Then use ldapadd to restore the entire DIT:
# ldapadd -x -W -D 'cn=ldapadmin,dc=example,dc=com' -f backup.ldif
Enter LDAP Password:
adding new entry "dc=example,dc=com"
adding new entry "ou=groups,dc=example,dc=com"
adding new entry "cn=users,ou=groups,dc=example,dc=com"
adding new entry "ou=users,dc=example,dc=com"
adding new entry "uid=sneill,ou=users,dc=example,dc=com"
adding new entry "uid=ajolie,ou=users,dc=example,dc=com"
The second backup method, as mentioned above, is slapcat. To create a backup with slapcat, log into your LDAP server and run slapcat:
# slapcat > backup.ldif
slapcat will read /etc/openldap/slapd.conf and figure out where the database is stored:
# cat /etc/openldap/slapd.conf
...
# DATABASE
database bdb
directory /var/lib/ldap/example.com
...
Your complete DIT is now stored in backup.ldif. To test a restore, simulate a data loss: move the directory where the database is stored out of the way and create it again as an empty directory:
# mv /var/lib/ldap/example.com/ /var/lib/ldap/data_loss
# mkdir -p /var/lib/ldap/example.com
Now restore the database:
# slapadd < backup.ldif
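An added example, not from the original post: a shell check to run on backup.ldif before using it for either restore above. It reports entries listed before their parent, which ldapadd rejects because it adds entries in file order, and counts userPassword attributes as a reminder that the file holds credential values. The name ldif_check, the sample entries and the rule that the first entry is the suffix are assumptions of this example.

```shell
#!/bin/sh
# ldif_check FILE: print "entries=N orphans=M secrets=K"; succeed only when the
# file holds at least one entry and every entry's parent precedes it.
# Assumptions: the first entry is the suffix; base64 DNs ("dn:: ") are not decoded.
ldif_check() {
    awk '
    function parent(dn,   i, c) {              # DN minus its leftmost RDN
        for (i = 1; i <= length(dn); i++) {
            c = substr(dn, i, 1)
            if (c == "\\") { i++; continue }   # skip an escaped character
            if (c == ",") return substr(dn, i + 1)
        }
        return ""
    }
    function handle(line,   dn, p) {
        if (tolower(line) ~ /^userpassword:/) secrets++
        if (line !~ /^dn: /) return
        dn = tolower(substr(line, 5)); gsub(/ *, */, ",", dn)
        p = parent(dn)
        if (++entries > 1 && !(p in seen)) orphans++
        seen[dn] = 1
    }
    /^ / { cur = cur substr($0, 2); next }     # unfold a wrapped LDIF line
         { handle(cur); cur = $0 }
    END  { handle(cur)
           printf "entries=%d orphans=%d secrets=%d\n", entries, orphans, secrets
           exit (entries == 0 || orphans > 0) }
    ' "$1"
}

# Constructed sample data, modelled on the entries restored above.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/good.ldif" <<'EOF'
dn: dc=example,dc=com
objectClass: domain

dn: ou=users,dc=example,dc=com
objectClass: organizationalUnit

dn: uid=sneill,ou=users,
 dc=example,dc=com
userPassword: {SSHA}constructed-placeholder
EOF
# Same tree with a child listed before its parent.
printf 'dn: dc=example,dc=com\n\ndn: uid=sneill,ou=users,dc=example,dc=com\n\ndn: ou=users,dc=example,dc=com\n' > "$tmp/bad.ldif"
ldif_check "$tmp/good.ldif"
ldif_check "$tmp/bad.ldif" || echo "bad.ldif: not restorable with ldapadd in file order"
```

A non-zero secrets count means backup.ldif should be readable only by root, for example by setting umask 077 before creating it.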