LDAP Database Backup
INTRODUCTION
There are two ways to back up an OpenLDAP LMDB (back-mdb) database:
1. The mdb_copy command, which creates a copy of the mdb database in its binary form.
2. The slapcat command, which dumps the database to LDIF.
Backing Up with mdb_copy
mdb_copy creates the backup mdb image very quickly. Restoring the image to a server is also very fast. mdb_copy is the recommended backup approach.
Example of an mdb_copy backup command:
mdb_copy /var/symas/openldap-data/ /tmp/backup/<backup-file-name>/
Backing up with slapcat
The other supported method of backing up an OpenLDAP database is via the slapcat utility.
Backups should not be taken using the ldapsearch utility for several reasons:
Additionally, backups should not be taken by directly copying the database files or database directory in the filesystem. This can lead to instability and/or make the backup impossible to recover.
slapcat BACKUP TYPES
SINGLE BACKEND DATABASE
If your OpenLDAP server uses only one backend database, backups are very straightforward:
Single Backend Backup
/opt/symas/sbin/slapcat -b <rootdn> -l backupName.ldif
This executes the slapcat command and writes the output to the file backupName.ldif.
MULTIPLE BACKEND DATABASES
The slapcat utility can back up only one database suffix at a time. If your OpenLDAP server uses more than one database, you will need to run slapcat once per database, specifying that database's suffix each time.
Multiple Backend Backups
/opt/symas/sbin/slapcat -b "dc=example,dc=com" -l dc-example_dc=com_Backup.ldif
/opt/symas/sbin/slapcat -b "dc=demo,dc=com" -l dc-demo_dc=com_Backup.ldif
CONFIGURATION DATABASE (cn=config)
The cn=config database contains the configuration for the OpenLDAP server. To back up the cn=config database, specify the database number as 0.
Configuration Database Backup
/opt/symas/sbin/slapcat -F /opt/symas/etc/openldap/slapd.d -n 0 -l cn-config_Backup.ldif
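An added example (not from the original page or from Symas): a POSIX shell wrapper around the slapcat commands above that dumps cn=config plus each suffix, creates owner-only files, and keeps a dump only when slapcat succeeded. The SLAPCAT and CONFDIR defaults are the paths shown on this page; the function names, output directory and file naming are assumptions.

```shell
#!/bin/sh
# Added example, not Symas code. Defaults are the paths used on this page;
# override SLAPCAT / CONFDIR for other installs (assumption).
SLAPCAT="${SLAPCAT:-/opt/symas/sbin/slapcat}"
CONFDIR="${CONFDIR:-/opt/symas/etc/openldap/slapd.d}"

# slapcat output includes credential attributes such as userPassword,
# so every file and directory created here is owner-only.
umask 077

# Turn a suffix such as "dc=example,dc=com" into a safe file-name stem.
suffix_to_name() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9=.-' '_'
}

# dump_db OUTFILE slapcat-args...
# Write to OUTFILE.partial first and rename only if slapcat exited 0 and
# produced data, so a failed run never leaves a truncated "backup" behind.
dump_db() {
    out=$1; shift
    tmp="$out.partial"
    if "$SLAPCAT" "$@" -l "$tmp" && [ -s "$tmp" ]; then
        mv "$tmp" "$out"
    else
        rm -f "$tmp"
        echo "backup failed: $out" >&2
        return 1
    fi
}

# backup_all OUTDIR SUFFIX...
# Dumps database 0 (cn=config) and then one LDIF per suffix.
backup_all() {
    outdir=$1; shift
    mkdir -p "$outdir" || return 1
    stamp=$(date +%Y%m%dT%H%M%S)
    rc=0
    dump_db "$outdir/cn-config_$stamp.ldif" -F "$CONFDIR" -n 0 || rc=1
    for suffix in "$@"; do
        dump_db "$outdir/$(suffix_to_name "$suffix")_$stamp.ldif" -b "$suffix" || rc=1
    done
    return $rc
}

# Run only when called with an output directory and at least one suffix.
if [ "$#" -ge 2 ]; then backup_all "$@"; fi
```

A non-zero exit status means at least one dump failed, so a scheduler or monitoring job can alert on it.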