Hi Experts,
We are using 389 DS as authentication source for a web portal. Their is about 45 millions entries. The user data is distributed accros the Directory Server (just cn, sn and password are valued) and an Oracle Database (All identification and business related data). The challenge here is to keep consistent accros those two systems (a user having an entry in the database should have one in the Directory Server). This especially requires being able to perform a point-in-time restore of the Directory Server (No problem with the Oracle Database, we able to do that).
Our environment is made of two Directory Servers in a multi-master replication.
I came up with waht I think can be a solution but something is telling me their should be a better way to do that. So here am to ask for advices from yours experts :
Here what I think be a solution but not confident about that:
-The backup files and changelog db are store in a share storage monted on the Directory Server
-Every week, take a (full) backup of the server (using db2bak)
-Whenever their is a issues:
-Disable replication
-Make a point-in-time recovery of my database
-Create a script that dump the changelog db to an ldif file (using dbscan)
-Parse the ldif to obtain a compliant ldif file
-Truncate the ldif file to juste keep the changes to be restored
-Restore the two Directory Server using their corresponding (full) backups (the weekly ones)
-Active replication
-Replay the ldif computed from the changelog db using ldapmodify
This seems daunting, cumbersome... So any advices ?
Thank you in advance for your responses.
Kind Regards,
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
