# $OpenLDAP$
# Copyright 2007-2021 The OpenLDAP Foundation, All Rights Reserved.
# COPYING RESTRICTIONS APPLY, see COPYRIGHT.

H1: Maintenance

System Administration is all about maintenance, so it is only fair that we
discuss how to correctly maintain an OpenLDAP deployment.


H2: Directory Backups

Backup strategies largely depend on the amount of change in the database
and how much of that change an administrator might be willing to lose in a
catastrophic failure. There are two basic methods that can be used:

1. Back up the LMDB database itself:

The LMDB database can be copied live using the mdb_copy command.  If the database
is a sparse file via the use of the "writemap" environment flag, the resulting
copy will be the actual size of the database rather than a sparse copy.

2. Periodically run slapcat and back up the LDIF file:

Slapcat can be run while slapd is active. However, one runs the risk of an
inconsistent database, not from the point of view of slapd, but from the point
of view of the applications using LDAP. For example, if a provisioning application
performed tasks that consisted of several LDAP operations, and the slapcat
took place concurrently with those operations, then there might be
inconsistencies in the LDAP database from the point of view of that
provisioning application and applications that depended on it. One must,
therefore, be convinced something like that won't happen. One way to do that
would be to put the database in read-only mode while performing the
slapcat. The other disadvantage of this approach is that the generated LDIF
files can be rather large and the accumulation of the day's backups could
add up to a substantial amount of space.

You can use {{slapcat}}(8) to generate an LDIF file for each of your {{slapd}}(8)
back-mdb databases.

>    slapcat -f slapd.conf -b "dc=example,dc=com"

For back-mdb this command may be run while slapd(8) is running.
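
The slapcat method above wrapped as a scheduled backup job. This is an added example, not part of the OpenLDAP guide; the SLAPCAT variable, the backup-*.ldif.gz naming and the retention count are assumptions of the sketch. It keeps the dump owner-only, rejects failed or empty dumps, and compresses and prunes the accumulated files.

```shell
#!/bin/sh
# Added example, not from the OpenLDAP guide. SLAPCAT, the backup-*.ldif.gz
# naming and the retention count are assumptions of this sketch.
SLAPCAT=${SLAPCAT:-slapcat}

# backup_ldif CONF SUFFIX DESTDIR KEEP
# Dumps one database to DESTDIR/backup-<UTC stamp>.ldif.gz, prints that path,
# and keeps only the newest KEEP archives. The body runs in a subshell so the
# umask change does not leak into the caller.
backup_ldif() (
    conf=$1; suffix=$2; dest=$3; keep=$4
    out="$dest/backup-$(date -u +%Y%m%dT%H%M%SZ).ldif"

    # slapcat reads the database directly, so the LDIF holds every attribute,
    # including any userPassword values: new files (and a newly created
    # directory) are made accessible to the owner only.
    umask 077
    mkdir -p "$dest" || exit 1

    # Write under a temporary name so a failed run never looks like a backup.
    if ! "$SLAPCAT" -f "$conf" -b "$suffix" > "$out.tmp"; then
        rm -f "$out.tmp"; exit 1
    fi
    # A dump without a single entry is treated as a failure, not stored.
    if ! grep -q '^dn:' "$out.tmp"; then
        rm -f "$out.tmp"; exit 1
    fi
    # Compress to keep the accumulated daily dumps small.
    if ! gzip -c "$out.tmp" > "$out.gz"; then
        rm -f "$out.tmp" "$out.gz"; exit 1
    fi
    rm -f "$out.tmp"

    # Stamps sort lexicographically, so reverse name order is newest first.
    ls -1 "$dest"/backup-*.ldif.gz | sort -r | tail -n +"$((keep + 1))" |
        while IFS= read -r old; do rm -f "$old"; done
    printf '%s\n' "$out.gz"
)
```

A cron entry would call backup_ldif slapd.conf "dc=example,dc=com" with a destination directory and a retention count, and alert on a non-zero exit status.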


H2: Checkpointing

Setting a checkpoint is only necessary when back-mdb has the dbnosync flag set. Otherwise
it has no effect. With back-mdb the kbyte option is not implemented, so a checkpoint
runs only according to the elapsed-minutes value.

H2: Migration

The simplest steps needed to migrate between versions or upgrade, depending on your deployment
type, are:

.{{S: }}
^{{B: Stop the current server when convenient}}

.{{S: }}
+{{B: slapcat the current data out}}

.{{S: }}
+{{B: Clear out the current data directory (/usr/local/var/openldap-data/)}}

.{{S: }}
+{{B: Perform the software upgrades}}

.{{S: }}
+{{B: slapadd the exported data back into the directory}}

.{{S: }}
+{{B: Start the server}}

Obviously this doesn't cater for any complicated deployments with {{SECT: N-Way Multi-Provider}},
but following the above sections and using either commercial support or community support should help. Also check the
{{SECT: Troubleshooting}} section.
