LDAP Authentication and Multi-Master Replication in FreeBSD

joel@

Developer
Hi,

I'm currently writing a guide on setting up LDAP Authentication and Multi-Master Replication in FreeBSD. It's currently available on the FreeBSD wiki: http://wiki.freebsd.org/LDAP.

It's still missing a few explanations, but all the needed configuration should be there. If something is missing, please tell me.

If you have any comments or questions, please add them here. :)
 
Just a question / suggestion. I have not find any reliable way to backup my full LDAP schema without having to shutdown slpad first.

So, if you could add a backup / restore procedure it would be very useful.
 
gkontos said:
So, if you could add a backup / restore procedure it would be very useful.
Everything in my environment is virtualized, so I'm using snapshots to backup all virtual machines. This also means I don't have a specific backup strategy for LDAP, because I don't need to. :)
 
I will give this a shot for the upcoming weekend and report back if there are any issues.

When it comes to backup, is not a good solution to stop one of the replicas, take the backup and start it again?
 
olav said:
When it comes to backup, is not a good solution to stop one of the replicas, take the backup and start it again?

Well, that is what I currently do. Completely stop slapd and backup the full data directory. But there has to be a more proper way.
 
I don't know that much about LDAP but isn't there some kind of dump operation that dumps a consistent snapshot of the whole DB in a format that can be read back in when restoring is needed?
 
kpa said:
I don't know that much about LDAP but isn't there some kind of dump operation that dumps a consistent snapshot of the whole DB in a format that can be read back in when restoring is needed?

Not while the server is running. And since you are stoping the server, it is safer to just backup the full data directory instead of using slapcat
 
gkontos said:
Not while the server is running.
It depends.
For some backend types, your slapd(8) should not be running (at least, not in read-write mode) when you do this to ensure consistency of the database. It is always safe to run slapcat with the slapd-bdb(5), slapd-hdb(5), and slapd-null(5) backends.
 
Re: LDAP Authentication and Multi-Master Replication in Free

Hi Joel,
Your guide is very useful. However, I can't find it now. What is the issue?
 
Back
Top