How do I clone an OpenLDAP database

The problem with SourceRebels’ answer is that slapcat(8) does not guarantee that the data is ordered for ldapadd(1)/ldapmodify(1).

From man slapcat (from OpenLDAP 2.3):

The LDIF generated by this tool is suitable for use with slapadd(8).
As the entries are in database order, not superior first order, they
cannot be loaded with ldapadd(1) without first being reordered.

(FYI: In OpenLDAP 2.4 that section was rephrased and expanded.)

Plus, using a tool that uses the backend files to dump the database and then using a tool that loads the LDIF through the LDAP protocol is not very consistent.

I’d suggest using a combination of slapcat(8)/slapadd(8) OR ldapsearch(1)/ldapmodify(1). My preference would go to the latter, as it does not need shell access to the LDAP server or moving files around.

For example, dump the database from a master server under dc=master,dc=com and load it into a backup server:

$ ldapsearch -Wx -D "cn=admin_master,dc=master,dc=com" -b "dc=master,dc=com" -H ldap:// -LLL > ldap_dump-20100525-1.ldif
$ ldapadd -Wx -D "cn=admin_backup,dc=backup,dc=com" -H ldap:// -f ldap_dump-20100525-1.ldif

The -W flag above prompts for the LDAP admin_master password; however, since we are redirecting output to a file, you won’t see the prompt – just an empty line. Go ahead and type your LDAP admin_master password and press Enter, and it will work. The first line of your output file (Enter LDAP Password:) will need to be removed before running ldapadd.

Last hint, ldapadd(1) is a hard link to ldapmodify(1) with the -a (add) flag turned on.
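The reordering that the slapcat(8) man page excerpt above calls for can be done by sorting entries by DN depth. The following is an added example, not part of the original answer or of OpenLDAP; the function names and the sample LDIF are constructed for illustration.

```python
import base64
import re

# Constructed sample in "database order": children appear before their parents,
# and one DN is folded across two lines (attributes trimmed for brevity).
SAMPLE = r"""dn: uid=alice,ou=people,dc=master,dc=com
objectClass: inetOrgPerson

dn: ou=people,dc=master,dc=com
objectClass: organizationalUnit

dn: dc=master,dc=com
objectClass: dcObject

dn: cn=Smith\, Bob,ou=peo
 ple,dc=master,dc=com
objectClass: person
"""

def split_entries(ldif_text):
    """Split a dump on blank lines; drop blocks with no dn (version line, comments)."""
    blocks = re.split(r"(?:\r?\n){2,}", ldif_text.strip())
    return [b for b in blocks if re.search(r"^dn::?", b, re.M)]

def entry_dn(block):
    """Return an entry's DN, handling folded lines and base64 'dn::' values."""
    unfolded = re.sub(r"\r?\n ", "", block)  # a leading space continues the previous line
    m = re.search(r"^dn(::?)[ ]*(.*?)\r?$", unfolded, re.M)
    value = m.group(2)
    return base64.b64decode(value).decode("utf-8") if m.group(1) == "::" else value

def dn_depth(dn):
    """Count RDNs by counting commas that are not backslash-escaped."""
    depth, escaped = 1, False
    for ch in dn:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            depth += 1
    return depth

def superior_first(ldif_text):
    """Stable sort by depth: every parent is shallower than its children."""
    entries = sorted(split_entries(ldif_text), key=lambda b: dn_depth(entry_dn(b)))
    return "\n\n".join(entries) + "\n"

if __name__ == "__main__":
    print(superior_first(SAMPLE), end="")
```

Reordering only fixes entry order: slapcat output also carries operational attributes such as entryUUID and entryCSN, which a server rejects when they are sent over the protocol, so those have to be stripped separately.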
