Symas OpenLDAP Knowledge Base

Configuration Backup

When to back up

Configuration backups should be taken:

  • As a part of your daily or weekly system backup routine
  • Prior to any server maintenance  
  • Prior to any upgrade of the OpenLDAP software
  • Prior to any changes to the OpenLDAP configuration
  • Prior to any changes to your OpenLDAP schemas

What to back up

By default, the entire Symas OpenLDAP package installs to the /opt/symas directory.  This includes all configuration files.  The most critical items are listed below:

Static & Dynamic Configurations

The following files should be backed up for both static and dynamic configurations:

OpenLDAP configuration (.conf) files

  • /opt/symas/etc/openldap/ldap.conf
  • /opt/symas/etc/openldap/slapd.conf
  • /opt/symas/etc/openldap/symas-openldap.conf

Custom schema (.schema, .ldif) files (these should not be stored in the default schema folder)

  • /opt/symas/etc/openldap/local-schema

Kerberos configuration (.conf) files (if implemented)

  • /opt/symas/etc/heimdal/krb5.conf
  • /opt/symas/etc/heimdal/symas-heimdal.conf

SSL configuration (if implemented)

  • /opt/symas/ssl (whole directory)

Dynamic Configuration

If using dynamic configuration (cn=config), the only way to back up the system configuration is to use the slapcat utility.  This is in addition to backing up the files noted above.

The user running the utility must have read access to the dynamic configuration directory (normally /opt/symas/etc/openldap/slapd.d).

For detailed usage of slapcat, see slapcat(8c).

Backup Example cn=config  

/opt/symas/sbin/slapcat -F /opt/symas/etc/openldap/slapd.d -n0 -l config_backup_01.ldif
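
The files listed above and the cn=config export can be collected into a single archive that only its owner can read. The following is an added example, not Symas-provided code; the function name, the archive naming and the optional PREFIX argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Symas-provided code. The function name, archive name and
# optional PREFIX argument are assumptions. Pass absolute paths.

# Usage: backup_symas_config DEST_DIR [PREFIX]   (prints the archive path)
backup_symas_config() {
    dest=$1
    prefix=${2:-/opt/symas}
    archive="$dest/symas-config-$(date +%Y%m%d-%H%M%S).tar.gz"
    (
        # The backup can contain TLS private keys and rootpw hashes,
        # so everything created here is readable by the owner only.
        umask 077
        mkdir -p "$dest" || exit 1
        stage=$(mktemp -d "$dest/stage.XXXXXX") || exit 1

        # Dynamic configuration: export database 0 (cn=config) with slapcat.
        set --
        if [ -d "$prefix/etc/openldap/slapd.d" ]; then
            if ! "$prefix/sbin/slapcat" -F "$prefix/etc/openldap/slapd.d" \
                    -n0 -l "$stage/config_backup.ldif"; then
                rm -rf "$stage"; exit 1
            fi
            set -- -C "$stage" config_backup.ldif
        fi

        # Files and directories listed on this page; absent ones are skipped.
        set -- "$@" -C "$prefix"
        for p in etc/openldap/ldap.conf etc/openldap/slapd.conf \
                 etc/openldap/symas-openldap.conf etc/openldap/local-schema \
                 etc/heimdal/krb5.conf etc/heimdal/symas-heimdal.conf ssl; do
            if [ -e "$prefix/$p" ]; then set -- "$@" "$p"; fi
        done

        tar -czf "$archive" "$@"
        rc=$?
        rm -rf "$stage"
        [ "$rc" -eq 0 ] || rm -f "$archive"
        exit "$rc"
    ) || return 1
    printf '%s\n' "$archive"
}
```

Run it as a user with read access to slapd.d, for example `backup_symas_config /var/backups/symas`, and treat the resulting archive with the same care as the key material it contains.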