slapcat daily cron job?
Nils Philippsen
nphilipp at redhat.com
Fri Mar 4 17:17:19 UTC 2005
On Fri, 2005-03-04 at 17:06 +0000, Gavin Henry wrote:
> <quote who="Steven Pritchard">
> > I posted this to bugzilla a while back...
> >
> > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=148972
> >
> > Can anyone think of a reason why it would be bad for openldap to
> > include a script to do a nightly slapcat dump to a file?
> >
> > If not, I included the script, logrotate entry, and spec patch in that
> > bugzilla ticket, so if someone @redhat could look at it, I'd
> > appreciate it greatly. :-)
>
> I think that this a good idea and it's good that the script shuts down the
> ldap server, as you can only do a slapcat on a running server, if it's a
> bdb/hdb backend.
Mind that this in itself can be seen as a slight DOS -- some sites need
LDAP for authentication issues.
> IMHO, I think that this backup decision should ultimately be left up to
> the admin, as it's a security risk having the whole ldap tree in plain
> text, even though it's owned be root.
In the same vein you could argue that we should have nightly pg_dumpalls
etc. I'd say that backups should be left to the administrator instead.
Provide the scripts as examples of how to do a backup, but leave it as
that. If openldap tends to eat the directory, this needs to be fixed
rather than installing such a backup script by default (which is not a
real fix).
Nils
--
Nils Philippsen / Red Hat / nphilipp at redhat.com
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." -- B. Franklin, 1759
PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011
More information about the fedora-devel-list
mailing list