NDPF LDAP Backups and Slaves

From PDP/Grid Wiki

Making a Backup of the LDAP Directory

Apart from the immediately obvious content of the LDAP directory (i.e. the stuff you see with the LDAP Browser or a regular LDAP search), there is some meta-data that must be preserved on backup: the creator, creation time, modifier and modification time. These attributes must be specified explicitly on the command line.

 ldapsearch -P 3 -x -H ldaps://trog/ -b "dc=farmnet,dc=nikhef,dc=nl" \
   -D "cn=Manager,dc=root" -W \
   creatorsName createTimestamp modifiersName modifyTimestamp \* 

(and provide the LDAP directory root password as requested).

The output of this command constitutes the backup of the directory. A backup is made daily on 'trog' in '/project/ndpf/sysdir/data/'.
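A backup taken without the four explicit attribute names still looks complete, so it is worth checking each LDIF file before relying on it. The following is an added example, not part of the original wiki page: a small checker that reports entries lacking any of the four meta-data attributes. The function names and the sample entries are constructed for illustration.

```python
import base64
# The four operational attributes the page says a backup must carry.
REQUIRED = ("creatorsName", "createTimestamp", "modifiersName", "modifyTimestamp")

def parse_ldif(text):
    """Yield (dn, set of lower-cased attribute names) for each entry."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]      # LDIF folding: a leading space continues a line
        else:
            lines.append(raw)
    # Drop comment lines; the trailing "" flushes the last entry.
    content = [l for l in lines if not l.startswith("#")] + [""]
    dn, attrs = None, set()
    for line in content:
        if not line.strip():
            if dn is not None:        # blocks without a dn ("search: 2") are not entries
                yield dn, attrs
            dn, attrs = None, set()
            continue
        name, _, value = line.partition(":")
        name = name.strip().lower()
        if name != "dn":
            attrs.add(name)
        elif value.startswith(":"):   # "dn:: <base64>"
            dn = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            dn = value.strip()

def missing_metadata(text):
    """Return {dn: [missing attribute names]} for entries lacking meta-data."""
    return {dn: m for dn, attrs in parse_ldif(text)
            if (m := [a for a in REQUIRED if a.lower() not in attrs])}

# Constructed sample in ldapsearch output form; "bob" lacks the modify attributes.
SAMPLE = """\
dn: uid=alice,ou=People,dc=farmnet,
 dc=nikhef,dc=nl
creatorsName: cn=Manager,dc=root
createTimestamp: 20051019083600Z
modifiersName: cn=Manager,dc=root
modifyTimestamp: 20051019083600Z

dn: uid=bob,ou=People,dc=farmnet,dc=nikhef,dc=nl
creatorsName: cn=Manager,dc=root
createTimestamp: 20051019083600Z

search: 2
"""
```

An empty result from missing_metadata() on the contents of a backup file means every entry carries all four attributes.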

The backup can be restored with this command (provided the data directory is empty and has the proper permissions):

 ldapadd -c -D "cn=Manager,dc=root" -W -x -H ldap://hooimijt.nikhef.nl/ \
   -f /root/userdb-20051019-1036.ldif 

It works of course on the master, but the same command can also be used on the slaves for the initial synchronization.


Creating a new slave server

The relation between a master (i.e. on trog) and the set of slaves is maintained by the "slurpd" daemon, running on the master. slurpd knows the master "update" password for all slaves, and will push any modifications down to those slaves. The list of slaves is maintained in '/project/ndpf/sysdir/etc/userdb.conf':

 replica host=hooimijt.nikhef.nl:389     
       binddn="cn=Manager,dc=root" bindmethod=simple 
       suffix="dc=farmnet,dc=nikhef,dc=nl"
       credentials="PASSWD1" tls=critical
       
 replica host=tbn06.nikhef.nl:389        
       binddn="cn=Manager,dc=root" bindmethod=simple 
       suffix="dc=farmnet,dc=nikhef,dc=nl"
       credentials="PASSWD2" tls=critical
       
 replogfile /project/ndpf/sysdir/var/replogfile.userdb

The PASSWD1 and PASSWD2 must match the (encrypted) rootpw entries for the respective slaves:

 rootpw          "{SSHA}MYENCRYPTEDPASSWDINTHISHASHMODE"
 updatedn        "cn=Manager,dc=root"
 updateref       ldaps://trog.nikhef.nl/

Notes

  • The LDAP directories must be in sync before you start the slurpd service. Use the 'ldapadd' command with an up-to-date backup of the master directory to initialize the slave.
  • Make sure all data is encrypted whilst in transfer ("tls=critical").
  • LDAP logs by default to LOCAL4, enable that in syslog.conf to see the errors.