Hi, and thanks for the help
I am using db2bak.pl the perl script because I have a master-slave installation.
In the documentation (Admin guide/ page 161) it is said that:
"If the database being backed up is a master database, meaning it keeps a changelog, then it
must be backed up using the db2bak.pl Perl script or using the Directory Server Console if
the server is kept running. The changelog only writes its RUV entries to the database when the
server is shut down; while the server is running, the changelog keeps its changes in memory.
For the Perl script and the Console, these changelog RUVs are written to the database before
the backup process runs. However, that step is not performed by the command-line script.
The db2bak should not be run on a running master server. Either use the Perl script or stop
the server before performing the backup."
"If the database being backed up is a master database, meaning it keeps a changelog, then it
must be backed up using the db2bak.pl Perl script or using the Directory Server Console if
the server is kept running. The changelog only writes its RUV entries to the database when the
server is shut down; while the server is running, the changelog keeps its changes in memory.
For the Perl script and the Console, these changelog RUVs are written to the database before
the backup process runs. However, that step is not performed by the command-line script.
The db2bak should not be run on a running master server. Either use the Perl script or stop
the server before performing the backup."
For now I am using the -j option
Regards.
2016-03-10 2:43 GMT+01:00 Mark Reynolds <mareynol@xxxxxxxxxx>:
On 03/09/2016 08:12 PM, William Brown wrote:
YesOn Wed, 2016-03-09 at 20:05 -0500, Mark Reynolds wrote:On 03/09/2016 05:37 PM, William Brown wrote:On Wed, 2016-03-09 at 12:06 +0100, wodel youchi wrote:Hi, Is it possible to create a specific user to use to backup 389DS server other than the Directory Manager, to use the db2bak.pl with a cronjob without exposing the DM password.Try using db2bak rather than db2bak.pl. db2bak should operate just on the named instance, without needing a directory manager account. You can run it from cron as root then.You can also specify the DM password via a file (-j option).I think the difference is db2bak.pl is a script that adds a task to cn=tasks,cn=config. db2bak actually just calls ns-slapd to run the backup directly. That's why you need the different details.Also, you can add aci's to cn=config to allow a different user to perform these tasks. For example if you just want a different user to be able to perform backups you would set an allow(all) aci on "dn: cn=backup,cn=tasks,cn=config".As in: allow(all) userdn="cn=backupuser,ou=serviceaccounts,dc=example,dc=com" ? Then cn=backupuser could create the task?
Correct "all" is not necessary, but it would need "add, search, read" rightsAlso, wouldn't it only need write permissions?
-- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx
--
389 users mailing list
389-users@%(host_name)s
http://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx
-- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx