
We have an OpenLDAP cluster running with two masters (producers) and one consumer. I read the guides below and got a good enough idea about using slapcat/ldapsearch with slapadd/ldapadd to back up & restore the data.

How to Clone an OpenLDAP Database

LDAP backup with slapcat vs. ldapsearch

For me using ldapsearch with ldapadd worked on taking a backup and restoring it. However, I ended up changing the entryUUID, contextCSN, create & modifyTimestamp of the entries.

ldapsearch -x -H ldaps://ldap.server.net -D "dc=mycompany,dc=net" -W -b "dc=admin,dc=mycompany,dc=net" -LLL > ldapd-"`date +%Y%m%d`".ldif

ldapadd -x -c -H ldapi:/// -D "dc=admin,dc=mycompany,dc=net" -y "${PASSWORD_FILE}" -f ldapd-"`date +%Y%m%d`".ldif

I wanted to check whether this is a preferred way of doing backup & restore operations, or are there any better practices?

kenlukas
swetad90

1 Answer


Part of the reason to use multimaster is that you only need to restore in the event of total system failure, not the failure of any individual node. You can lose all but the last master and syncrepl should restore everything as you add in replacements.

If your meta-data is important to you then you'll want to use slapcat/slapadd rather than ldapsearch/ldapadd. (You can use ldapsearch and slapadd if you also search for operational attributes. E.g. ldapsearch -b dc=example,dc=com "*" +.)

84104
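The metadata loss described in the question can be caught before a restore by checking the LDIF itself. The script below is an added example, not code from the question or the answer: it lists every entry in an export that lacks the operational attributes slapcat writes and a plain ldapsearch (without "+") omits. The function names, the REQUIRED_ATTRS list and the sample LDIF are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. REQUIRED_ATTRS is an assumption
# about which operational attributes a restore must preserve.
REQUIRED_ATTRS="entryUUID entryCSN createTimestamp modifyTimestamp"

# Print "DN<TAB>missing,attrs" for each entry in LDIF file $1 that lacks one.
ldif_missing_opattrs() {
    awk -v req="$REQUIRED_ATTRS" '
    function flush(   i, k, miss) {
        for (i = 1; i <= n && dn != ""; i++) {
            k = tolower(want[i])
            if (!(k in seen)) miss = miss (miss == "" ? "" : ",") want[i]
        }
        if (miss != "") printf "%s\t%s\n", dn, miss
        dn = ""; split("", seen)
    }
    function handle(l,   name) {
        if (l == "" || l ~ /^#/) return
        name = l; sub(/[:;].*/, "", name)          # strip value and ;options
        if (tolower(name) == "dn") { dn = l; sub(/^[^:]*::? */, "", dn) }
        else seen[tolower(name)] = 1
    }
    BEGIN { n = split(req, want, " ") }
    { sub(/\r$/, "") }
    /^ / { line = line substr($0, 2); next }       # unfold continuation lines
    { handle(line); line = $0 }
    /^$/ { flush() }
    END { handle(line); flush() }
    ' "$1"
}

# True when the export carries the contextCSN replication state (suffix entry).
ldif_has_contextcsn() { grep -qi '^contextCSN:' "$1"; }

# Constructed sample: first entry as slapcat writes it, second as a plain
# ldapsearch without "+" returns it.
write_sample_ldif() {
    cat > "$1" <<'EOF'
dn: dc=example,dc=com
dc: example
entryUUID: 11111111-2222-3333-4444-555555555555
createTimestamp: 20240101000000Z
entryCSN: 20240101000000.000000Z#000000
 #001#000000
modifyTimestamp: 20240101000000Z
contextCSN: 20240101000000.000000Z#000000#001#000000

dn: uid=bob,ou=people,dc=example,dc=com
uid: bob
EOF
}
```

Empty output from ldif_missing_opattrs means every entry kept its metadata; any line printed names an entry that would come back from a restore with a new entryUUID and new timestamps.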