# LDAP Authentication and Multi-Master Replication in FreeBSD



## joel@ (Dec 22, 2012)

Hi,

I'm currently writing a guide on setting up LDAP Authentication and Multi-Master Replication in FreeBSD. It's currently available on the FreeBSD wiki: http://wiki.freebsd.org/LDAP.

It's still missing a few explanations, but all the needed configuration should be there. If something is missing, please tell me.

If you have any comments or questions, please add them here.


----------



## gkontos (Dec 22, 2012)

Just a question / suggestion. I have not found any reliable way to back up my full LDAP schema without having to shut down slapd first.

So, if you could add a backup / restore procedure it would be very useful.


----------



## Crest (Dec 22, 2012)

Just use one more replica.


----------



## gkontos (Dec 22, 2012)

Crest said:

> Just use one more replica.



Replication is by no means a backup strategy.


----------



## joel@ (Dec 22, 2012)

gkontos said:

> So, if you could add a backup / restore procedure it would be very useful.


Everything in my environment is virtualized, so I'm using snapshots to back up all virtual machines. This also means I don't have a specific backup strategy for LDAP, because I don't need to.


----------



## Crest (Dec 23, 2012)

gkontos said:

> Replication is by no means a backup strategy.



A spare replica to be put in read-only mode is a good basis for a slapcat-based backup.


----------



## olav (Jan 3, 2013)

I will give this a shot for the upcoming weekend and report back if there are any issues.

When it comes to backup, is it not a good solution to stop one of the replicas, take the backup and start it again?


----------



## gkontos (Jan 3, 2013)

olav said:

> When it comes to backup, is it not a good solution to stop one of the replicas, take the backup and start it again?



Well, that is what I currently do. Completely stop slapd and back up the full data directory. But there has to be a more proper way.


----------



## kpa (Jan 3, 2013)

I don't know that much about LDAP but isn't there some kind of dump operation that dumps a consistent snapshot of the whole DB in a format that can be read back in when restoring is needed?


----------



## ondra_knezour (Jan 3, 2013)

kpa said:

> [...]isn't there some kind of dump operation that dumps a consistent snapshot of the whole DB in a format that can be read back in when restoring is needed?


`# slapcat -l /path/to/output-file`


----------



## gkontos (Jan 4, 2013)

kpa said:

> I don't know that much about LDAP but isn't there some kind of dump operation that dumps a consistent snapshot of the whole DB in a format that can be read back in when restoring is needed?



Not while the server is running. And since you are stopping the server, it is safer to just back up the full data directory instead of using slapcat.


----------



## ondra_knezour (Jan 4, 2013)

gkontos said:

> Not while the server is running.


It depends.


> For some backend types, your slapd(8) should not be running (at least, not in read-write mode) when you do this to ensure consistency of the database. It is always safe to run slapcat with the slapd-bdb(5), slapd-hdb(5), and slapd-null(5) backends.


----------
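An added example, not written by any poster in this thread: a small wrapper around the `slapcat -l` dump discussed above that keeps the LDIF readable by its owner only (the dump includes `userPassword` values) and rejects a dump with no entries. The function name `ldap_backup`, the `SLAPCAT` override variable and the file naming are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: ldap_backup, SLAPCAT.
# For backends where slapcat is not safe against a read-write slapd, run
# this on a replica that has been put in read-only mode, as suggested above.

# Command used to produce the dump; overridable so it can be pointed at a
# specific slapcat binary (hypothetical convenience variable).
SLAPCAT="${SLAPCAT:-slapcat}"

# ldap_backup DIR
#   Dumps the directory to DIR/ldap-YYYYmmdd-HHMMSS.ldif and prints that path.
#   Returns non-zero and leaves no partial file behind if the dump fails or
#   contains no entries. The body runs in a subshell, so the umask change
#   and the variables do not leak into the caller.
ldap_backup() (
    dir=$1

    # slapcat reads the database directly, so the LDIF carries every
    # attribute, password hashes included. Keep it private to the owner.
    umask 077
    mkdir -p "$dir" || exit 1

    final="$dir/ldap-$(date +%Y%m%d-%H%M%S).ldif"
    tmp="$final.partial"

    # Write to a temporary name first; a file with the final name is
    # therefore always a complete, checked dump.
    if ! "$SLAPCAT" -l "$tmp" || ! grep -Eq '^dn::? ' "$tmp"; then
        rm -f "$tmp"
        exit 1
    fi

    mv "$tmp" "$final" || exit 1
    printf '%s\n' "$final"
)
```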



## tkp (Mar 31, 2014)

*Re: LDAP Authentication and Multi-Master Replication in Free*

Hi Joel,
Your guide is very useful. However, I can't find it now. What is the issue?


----------

