slapcat daily cron job?

Gavin Henry ghenry at suretecsystems.com
Fri Mar 4 17:55:23 UTC 2005


<quote who="Nils Philippsen">
> On Fri, 2005-03-04 at 17:06 +0000, Gavin Henry wrote:
>> <quote who="Steven Pritchard">
>> > I posted this to bugzilla a while back...
>> >
>> >   https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=148972
>> >
>> > Can anyone think of a reason why it would be bad for openldap to
>> > include a script to do a nightly slapcat dump to a file?
>> >
>> > If not, I included the script, logrotate entry, and spec patch in that
>> > bugzilla ticket, so if someone @redhat could look at it, I'd
>> > appreciate it greatly.  :-)
>>
>> I think that this is a good idea and it's good that the script shuts down
>> the ldap server, as you can only do a slapcat on a running server, if it's a
>> bdb/hdb backend.
>
> Mind that this in itself can be seen as a slight DOS -- some sites need
> LDAP for authentication issues.

Yes, I forgot that part. Remember, LDAP can be used for mail alias lookup,
dns, printers etc. etc.

These things need to be run all night.

Good point.

>
>> IMHO, I think that this backup decision should ultimately be left up to
>> the admin, as it's a security risk having the whole ldap tree in plain
>> text, even though it's owned by root.
>
> In the same vein you could argue that we should have nightly pg_dumpalls
> etc. I'd say that backups should be left to the administrator instead.
> Provide the scripts as examples of how to do a backup, but leave it as
> that. If openldap tends to eat the directory, this needs to be fixed
> rather than installing such a backup script by default (which is not a
> real fix).
>
> Nils
> --
>      Nils Philippsen    /    Red Hat    /    nphilipp at redhat.com
> "They that can give up essential liberty to obtain a little temporary
>  safety deserve neither liberty nor safety."     -- B. Franklin, 1759
>  PGP fingerprint:  C4A8 9474 5C4C ADE3 2B8F  656D 47D8 9B65 6951 3011



