Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do I clone an OpenLDAP database

Tags:

linux

ldap

redhat

openldap

I know this is more like a serverfault question than a stackoverflow question, but since serverfault isn't up yet, here I go:

I'm supposed to move an application from one redhat server to another, and without very good knowledge of the internal workings of the application, how would I move the OpenLDAP database from the one machine to the other, with schemas and all.

What files would I need to copy over? I believe the setup is pretty standard.

like image 861
elzapp Avatar asked Apr 27 '09 07:04

elzapp

People also ask

Where is slapd database?

In the default configuration, slapd's database files are in /var/lib/ldap not the intuitively obvious /var/lib/slapd which is normally empty.

2 Answers

The problem with SourceRebels answer is that slapcat(8) does not guarantee that the data is ordered for ldapadd(1)/ldapmodify(1). From the man page :

 The  LDIF  generated  by this tool is suitable for use with slapadd(8). As the entries are in database order, not superior  first  order,  they cannot be loaded with ldapadd(1) without first being reordered.

Plus using a tool that uses the backend files to dump the database and then using a tool that loads the ldif through the ldap protocol is not very consistent.

I'd suggest to use a combination of slapcat(8)/slapadd(8) OR ldapsearch(1)/ldapmodify(1). My preference would go to the latter as it does not need shell access to the ldap server or moving files around.

For example, dump database from a master server under dc=master,dc=com and load it in a backup server

 $ ldapsearch -Wx -D "cn=admin_master,dc=master,dc=com" -b "dc=master,dc=com" -H ldap://my.master.host -LLL > ldap_dump-20100525-1.ldif $ ldapadd -Wx -D "cn=admin_backup,dc=backup,dc=com" -H ldap://my.backup.host -f ldap_dump-20100525-1.ldif

The -W flag above prompts for ldap admin_master password however since we are redirecting output to a file you wont see the prompt - just an empty line. Go ahead and type your ldap admin_master password and and it will work. First line of your output file will need to be removed (Enter LDAP Password:) before running ldapadd.

Last hint, ldapadd(1) is a hard link to ldapmodify(1) with the -a (add) flag turned on.

like image 163
sberder Avatar answered Nov 05 '22 03:11

sberder

ldapsearch and ldapadd are not necessarily the best tools to clone your LDAP DB. slapcat and slapadd are much better options.

Export your DB with slapcat:

slapcat > ldif

Import the DB with slapadd (make sure the LDAP server is stopped):

slapadd -l ldif
like image 26
Joel Avatar answered Nov 05 '22 03:11

Joel
Sign in to Comment

Related questions

How to change all occurrences of a word in all files in a directory
How to search any word in linux 'screen'
How to set CPU affinity for a process from C or C++ in Linux?
Segmentation fault handling
Cannot overwrite Symbolic Link RedHat Linux
Linux C program: How to find the library to which a function belongs
Identifying received signal name in Bash
XML Editing/Viewing Software [closed]
Permanently reversing a patch-file
How to merge two files using AWK? [duplicate]
Check if a condition is false
use RPATH but not RUNPATH?
How to use grep efficiently?
Git enter long passphrase for every push
Replace only if string exists in current line
"sed" command in bash
Scp command syntax for copying a folder from local machine to a remote server [closed]
How to change permissions to certain file pattern/extension?
Use SSH to start a background process on a remote server, and exit session
linux execute command remotely

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!