linuxldapredhatopenldap

How do I clone an OpenLDAP database


I know this is more like a serverfault question than a stackoverflow question, but since serverfault isn't up yet, here I go:

I'm supposed to move an application from one redhat server to another, and without very good knowledge of the internal workings of the application, how would I move the OpenLDAP database from the one machine to the other, with schemas and all.

What files would I need to copy over? I believe the setup is pretty standard.


Solution

  • The problem with SourceRebels' answer is that slapcat(8) does not guarantee that the data is ordered for ldapadd(1)/ldapmodify(1).

    From man slapcat (from OpenLDAP 2.3) :

    The LDIF generated by this tool is suitable for use with slapadd(8).
    As the entries are in database order, not superior first order, they
    cannot be loaded with ldapadd(1) without first being reordered.
    

    (FYI: In OpenLDAP 2.4 that section was rephrased and expanded.)

    Plus using a tool that uses the backend files to dump the database and then using a tool that loads the ldif through the ldap protocol is not very consistent.

    I'd suggest to use a combination of slapcat(8)/slapadd(8) OR ldapsearch(1)/ldapmodify(1). My preference would go to the latter as it does not need shell access to the ldap server or moving files around.

    For example, dump database from a master server under dc=master,dc=com and load it in a backup server

    $ ldapsearch -Wx -D "cn=admin_master,dc=master,dc=com" -b "dc=master,dc=com" -H ldap://my.master.host -LLL > ldap_dump-20100525-1.ldif
    $ ldapadd -Wx -D "cn=admin_backup,dc=backup,dc=com" -H ldap://my.backup.host -f ldap_dump-20100525-1.ldif
    

    The -W flag above prompts for ldap admin_master password however since we are redirecting output to a file you wont see the prompt - just an empty line. Go ahead and type your ldap admin_master password and enter and it will work. First line of your output file will need to be removed (Enter LDAP Password:) before running ldapadd.

    Last hint, ldapadd(1) is a hard link to ldapmodify(1) with the -a (add) flag turned on.