LDAP hints
Backup
The best and safest way (consistent, with locking, …) is to run the backup locally on the LDAP server, as it will get the data directly from the backend DB engine:
# slapcat -l backup.ldif
Restore
This will restore directly into the backend DB, bypassing the server, so it is recommended to stop the server first and make some changes after the restore.
/etc/init.d/slapd stop
rm -rf /var/lib/ldap/*
slapadd -c -l backup.ldif -f /etc/ldap/slapd.conf -S <ServerId>
chown openldap:openldap /var/lib/ldap/*
Join new replica
On the new server, first make sure no tree, DB or config exists:
service slapd stop
rm -rf /var/lib/ldap/*
rm -rf /etc/ldap/slapd.d/*
- Restore/overwrite the olc config directory (/etc/ldap/slapd.d/) from a current member.
- Edit the cn=config.ldif file on the new server and set a new ServerId for it.
- Start the slapd daemon on the new node.
Wait a few minutes, then check that replication is working (the time depends on your directory size, but it is usually fast).
Configure the new server as a new member for replication: from an already existing server, add an olcSyncrepl directive for the new node. This configuration will replicate to all servers, including the new one, so that the rest of the servers recognize the new member for replication.
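One way to do the "check correct replication" step is to compare the contextCSN values of the suffix entry on an existing member and on the new node. The script below is an added example, not part of the original notes; HOST, SUFFIX and the sample ldapsearch outputs are constructed placeholders.

```shell
#!/bin/sh
# Added example. Each input is the text returned by a query such as:
#   ldapsearch -x -LLL -H ldap://HOST -s base -b "SUFFIX" contextCSN
# HOST and SUFFIX are placeholders; the sample outputs below are constructed.

# Print "SID CSN" pairs (one per line, sorted) found in ldapsearch output.
# A CSN has the form time#count#SID#mod, so the SID is the third '#' field.
csn_by_sid() {
    printf '%s\n' "$1" |
        awk '/^contextCSN: / { split($2, p, "#"); print p[3], $2 }' | sort
}

# Print every SID whose CSN on the new node is missing or differs from the
# CSN the existing node holds for that SID.
lagging_sids() {
    ref=$(csn_by_sid "$1")
    new=$(csn_by_sid "$2")
    printf '%s\n' "$ref" | while read -r sid csn; do
        [ -n "$sid" ] || continue
        printf '%s\n' "$new" | grep -qxF -- "$sid $csn" || printf '%s\n' "$sid"
    done
}

# Return 0 when the new node holds the same CSN for every SID, 1 when it lags,
# 2 when the existing node returned no contextCSN (failed query, wrong suffix).
in_sync() {
    [ -n "$(csn_by_sid "$1")" ] || return 2
    [ -z "$(lagging_sids "$1" "$2")" ]
}

# Constructed sample outputs: existing member, new node early, new node later.
OLD_NODE='dn: dc=example,dc=com
contextCSN: 20240501101500.123456Z#000000#001#000000
contextCSN: 20240501101742.654321Z#000000#002#000000'
NEW_NODE_EARLY='dn: dc=example,dc=com
contextCSN: 20240501101500.123456Z#000000#001#000000
contextCSN: 20240501093010.000000Z#000000#002#000000'
NEW_NODE_LATER=$OLD_NODE

for sample in "$NEW_NODE_EARLY" "$NEW_NODE_LATER"; do
    if in_sync "$OLD_NODE" "$sample"; then
        echo "in sync"
    else
        echo "not in sync, lagging SIDs: $(lagging_sids "$OLD_NODE" "$sample" | tr '\n' ' ')"
    fi
done
```

On a directory that is receiving writes the values keep moving, so take both queries close together and repeat the comparison if a SID is reported as lagging.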