There are two common strategies for backing up the contents of your directory. One is to make a backup of the directory database. The other is to dump the contents of the directory into an LDIF file.
Different backends keep the contents of the directory in different places. For example, the BDB and HDB backends store data in special Berkeley DB database files. SQL-based backends store the information in a relational database management system. Special backends like the LDAP and Perl backends may not store data at all, but might simply access other sources.
Each of these backends will require a different backup procedure. Here we will just look at backing up BDB and HDB databases—the types we've used throughout the book.
Note
This method is not portable. BDB/HDB files are version sensitive. Each new release of OpenLDAP (or of Berkeley DB) may use different structures for these databases, so this backup method only works when the backup and the restore are done on the same software versions.
In Ubuntu these database files are located at /var/lib/ldap. All of the files in this directory should be backed up, including the indexes (those that end with the bdb extension), the main database files (__db.???) and the log files (log.??????????). It is also a good idea to make a copy of the DB_CONFIG file, though it rarely changes and does not store any directory data.
When backing up these files it is best to stop SLAPD. Here's a very simple example using common shell tools:
$ sudo invoke-rc.d slapd stop
$ sudo cp -a /var/lib/ldap/* /usr/local/backup/ldap/
$ sudo invoke-rc.d slapd start
This will stop SLAPD and copy all of the files at /var/lib/ldap/ to /usr/local/backup/ldap/. Then, SLAPD will be started again.
The second, and more portable, strategy for backing up the directory is to dump the contents of the directory to an LDIF file. There are several distinct advantages to this approach:
There is no need to stop SLAPD
The output is more portable, and data can be moved from one database backend to another, and from one OpenLDAP version to another
There is less redundant data, so backup files are much smaller than the BDB/HDB files.
To make an LDIF backup file of the contents of a directory server with only one database (that is, it has only one directory root), the command is simple:
$ sudo slapcat -l /usr/local/backup/my_directory.ldif
This command uses slapcat to dump the contents of the directory, in the LDIF format, into the file /usr/local/backup/my_directory.ldif. It can be loaded back into the directory using the slapadd tool discussed in Chapter 3.
If your directory contains more than one directory information tree, you will need to run the slapcat routine once for each server, using the -b flag to identify the suffix (base DN) of the directory information tree you want to dump:
$ cd /usr/local/backup
$ sudo slapcat -b "dc=example,dc=com" -l example_com.ldif
$ sudo slapcat -b "dc=test,dc=net" -l test_net.ldif
In this example we back up each directory into its own LDIF file.
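An LDIF dump holds every attribute of every entry, password values included, so the backup file deserves the same protection as the live database. The following script is an added example, not code from the book: it wraps the slapcat call shown above so that the dump is created owner-only, is rejected if it is empty or short, and gets a checksum. The function name backup_suffix, the SLAPCAT override variable and the script file name are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the original text. backup_suffix and the SLAPCAT
# override are names assumed for this sketch; only slapcat's -b and -l flags
# come from the commands shown above.
SLAPCAT="${SLAPCAT:-slapcat}"

# backup_suffix SUFFIX OUTFILE [MIN_ENTRIES]
# Returns 0 on success, 1 if slapcat fails, 2 if the dump has too few entries.
backup_suffix() {
    suffix="$1"; out="$2"; min="${3:-1}"
    tmp="$out.tmp.$$"

    # The dump contains every attribute, userPassword included, so create it
    # owner-only. The subshell keeps the umask change local.
    ( umask 077; "$SLAPCAT" -b "$suffix" -l "$tmp" ) || { rm -f "$tmp"; return 1; }

    # Every LDIF entry starts with a "dn:" (or base64 "dn::") line. An empty or
    # truncated dump must not replace the previous good backup.
    count=$(grep -c '^dn:' "$tmp" || true)
    if [ "${count:-0}" -lt "$min" ]; then
        rm -f "$tmp"
        return 2
    fi

    # Rename within the same directory, so the switch is atomic.
    mv "$tmp" "$out" || return 1

    # Store a checksum beside the dump so it can be verified before a restore.
    ( cd "$(dirname "$out")" &&
      sha256sum "$(basename "$out")" > "$(basename "$out").sha256" ) || return 1
    echo "$count entries written to $out"
}

# Run as a script (ldif-backup.sh is a hypothetical file name):
#   sudo sh ldif-backup.sh "dc=example,dc=com" /usr/local/backup/example_com.ldif
if [ "$#" -ge 2 ]; then
    backup_suffix "$@"
fi
```

Passing a third argument close to the directory's expected entry count turns the check into a cheap guard against a truncated dump silently replacing a good one.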