
LDAP hints

The best and safest way to take a backup (consistent, with locking, …) is to run it locally on the LDAP server, since slapcat reads the data directly from the backend DB engine:

# slapcat -l backup.ldif

Restoring with slapadd writes directly into the backend DB, bypassing the server, so it is recommended to stop slapd first and to fix a few things (such as file ownership) after the restore:

/etc/init.d/slapd stop
rm -rf /var/lib/ldap/*
slapadd -c -l backup.ldif -f /etc/ldap/slapd.conf -S <ServerId>
chown openldap:openldap /var/lib/ldap/*
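The restore above wipes /var/lib/ldap before slapadd runs, so it is worth checking the dump first. The following is an added example, not code from the original page: it counts the entries in the LDIF, rejects an empty or truncated dump, and only then runs the page's stop / wipe / slapadd / chown sequence. It assumes the Debian-style paths, the openldap user and the init script used in the commands above; the ServerId is passed in by the caller.

```shell
#!/bin/sh
# Added example, not part of the original page: a guarded restore that refuses
# to wipe /var/lib/ldap until the slapcat dump has passed some sanity checks.
# Assumptions: Debian-style paths (/var/lib/ldap, /etc/ldap/slapd.conf), the
# openldap user and the init script used in the page's commands; the
# ServerId is supplied by the caller.

# Number of entries in an LDIF file. Every entry starts with a "dn:" line;
# continuation lines begin with a space, so they are not counted.
ldif_entry_count() {
    grep -c '^dn:' "$1" || true
}

# Sanity-check a slapcat dump before trusting it for a restore.
# Returns 0 when the file looks usable, 1 otherwise (reason on stderr).
check_backup_ldif() {
    f="$1"
    [ -s "$f" ] || { echo "backup $f is missing or empty" >&2; return 1; }
    n=$(ldif_entry_count "$f")
    [ "$n" -gt 0 ] || { echo "backup $f contains no entries" >&2; return 1; }
    # slapcat terminates every entry with a blank line, so a dump whose last
    # line is not empty was most likely cut short (disk full, interrupted).
    [ -z "$(tail -n 1 "$f")" ] || { echo "backup $f looks truncated" >&2; return 1; }
    echo "backup $f: $n entries" >&2
    return 0
}

# The page's restore sequence, run only after the checks above pass.
# If slapadd fails the server is left stopped on purpose, so that a
# half-loaded database is never served.
# Usage: restore_from_ldif /path/backup.ldif <ServerId>
restore_from_ldif() {
    f="$1"; sid="$2"
    check_backup_ldif "$f" || return 1
    /etc/init.d/slapd stop
    rm -rf /var/lib/ldap/*
    slapadd -c -l "$f" -f /etc/ldap/slapd.conf -S "$sid" || return 1
    chown openldap:openldap /var/lib/ldap/*
    /etc/init.d/slapd start
}
```

Run `check_backup_ldif backup.ldif` on the backup host right after slapcat as well; a dump that fails there should never be copied over as the only copy of the directory.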

To add a new server to an existing replication set, first make sure no tree, DB or config exists on it:

service slapd stop
rm -rf /var/lib/ldap/*
rm -rf /etc/ldap/slapd.d/*

  1. Restore/overwrite the olc config directory (/etc/ldap/slapd.d/) from a current member.
  2. Edit the cn=config.ldif file on the new server and set a new ServerId for it.
  3. Start the slapd daemon on the new node.

Because the copied config directory already points to the existing members as replica providers, the new server will fetch the whole DIT (the DB tree) from the other members, populating its own tree automatically.

Wait a few minutes and check that replication is correct (how long it takes depends on the size of your DIT, but it is usually fast).

Configure the new server as a member of the replication set: on one of the previously existing servers, add an olcSyncrepl directive for the new node. This configuration replicates to all servers, including the new one, so the rest of the servers recognize the new member.
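Two of the steps above are easy to get wrong by hand: editing the ServerId in the copied cn=config.ldif, and deciding whether replication has actually caught up. The script below is an added example, not from the original page. It assumes the single-valued `olcServerID: N` form in cn=config.ldif (the multi-valued `olcServerID: N ldap://host` form used by some multi-master setups is deliberately refused rather than rewritten), and that the caller has saved the output of a base-scope `ldapsearch` for `contextCSN` from each member into a file; all sample data in the test is constructed.

```shell
#!/bin/sh
# Added example, not part of the original page: helpers for step 2 of joining a
# new replica (set a fresh ServerId in the copied cn=config.ldif) and for the
# replication check, done by comparing contextCSN values across members.
# Assumptions: single-valued "olcServerID: N" form in cn=config.ldif, and
# ldapsearch output saved to files by the caller.

# Replace the olcServerID value in a cn=config.ldif copied from another member.
# Refuses to touch the file unless exactly one olcServerID line is present, so
# the multi-valued "olcServerID: N ldap://host" form is not silently broken.
# Note: slapd.d files carry a CRC32 header; a hand edit makes slapd log a
# checksum warning at startup, which is expected for this procedure.
set_server_id() {
    cfg="$1"; sid="$2"
    [ -f "$cfg" ] || { echo "$cfg not found" >&2; return 1; }
    case "$sid" in
        ''|*[!0-9]*) echo "ServerId must be a number, got '$sid'" >&2; return 1 ;;
    esac
    c=$(grep -c '^olcServerID:' "$cfg" || true)
    [ "$c" -eq 1 ] || { echo "expected one olcServerID line in $cfg, found $c" >&2; return 1; }
    # write to a temp file and move, which works with both GNU and BSD sed
    sed "s/^olcServerID: .*/olcServerID: $sid/" "$cfg" > "$cfg.tmp" && mv "$cfg.tmp" "$cfg"
}

# Extract the contextCSN values from a saved ldapsearch result, sorted so the
# sets can be compared regardless of the order the server returned them.
# Expected query on each member (BASE is the suffix of the replicated DB):
#   ldapsearch -LLL -x -H ldap://host -b "$BASE" -s base contextCSN > host.csn
context_csns() {
    grep '^contextCSN:' "$1" | sort
}

# Compare the contextCSN sets of two members. Returns 0 when both have the
# same set (one CSN per ServerId, all equal), i.e. the members are in sync;
# 1 when they differ or when the first file has no contextCSN at all.
replication_in_sync() {
    a=$(context_csns "$1"); b=$(context_csns "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}
```

A new member whose contextCSN set still lacks a value for some ServerId, or shows an older timestamp for it, has not finished the initial refresh yet; rerun the comparison until `replication_in_sync` succeeds before adding the olcSyncrepl directive on the old server.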

  • Last modified: 2021/06/10 21:45
  • by 127.0.0.1