TODO

[mb-wali]

• prod : 2.4.44
• qa : 2.4.44

dump

sudo systemctl stop slapd

# Export the LDAP data
sudo slapcat -l backup.ldif

# Backup the OpenLDAP database files
sudo cp -r /var/lib/ldap/ /path/to/backup/location

restore

# Restore the OpenLDAP database
sudo rm -r /var/lib/ldap/*
sudo cp -r /path/to/backup/location/ldap/* /var/lib/ldap/
sudo chown -R openldap:openldap /var/lib/ldap/

# Import LDIF data
sudo slapadd -l backup.ldif

[tufranz]

• prod: 2.4.44
• qa: 2.5.13

dump

A systemctl stop slapd is not needed for slapcat.

restore

The slapd has to be stopped.

conclusion

When installing the dn_suffix should be the same like the dumped ldap-database. (Otherwise the new suffix has to be created and the wrong one should be deleted.)

[mb-wali]

sumup

Pleas do the followings: @tufranz

• [x] update the README
• [x] Write the steps on how you backup from `ldap01
• [x] Write the steps on how did you restore it to the new ldapserver.
• [ ] test qa instance - from creating user to deploying apps (after the ldap has been migrated)

folowup @mb-wali

• [x] update the OPENLDAP_QA with the existing passwords
• [x] deploy from - iac & ansible/ldap
• [ ] change the hosts in k8s for the new ldap.
• [x] The passwords will stay the same
• [ ] delete the old ldap VM - ldap01.cyverse.at

[tufranz]

backup ldap-server and restore to a new one

backup (e.g. host: ldap01.cyverse.at)

on ldap01.cyverse.at:

slapcat -l backup.ldif

copy the dump

copy the dump from ldap01.cyverse.at to the new ldapserver (eg.. qa-openldap.cyverse.at).

restore ( eg.. host: qa-openldap.cyverse.at)

on qa-openldap.cyverse.at:

systemctl stop slapd.service
cd /var/lib/
mv ldap/ ldap.$(date +%Y%m%d)
mkdir ldap
slapadd -f /etc/ldap/slapd.conf -l ~/backup.ldif
chown -R openldap:openldap ldap
systemctl start slapd.service

check

to check the restor look at the difference between the backup.ldif and a new created dump (slapcat -l restore.ldif) on qa-openldap.cyverse.at.