On Fri, 2005-03-04 at 17:06 +0000, Gavin Henry wrote:
> <quote who="Steven Pritchard">
> > I posted this to bugzilla a while back...
> >
> > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=148972
> >
> > Can anyone think of a reason why it would be bad for openldap to
> > include a script to do a nightly slapcat dump to a file?
> >
> > If not, I included the script, logrotate entry, and spec patch in that
> > bugzilla ticket, so if someone @redhat could look at it, I'd
> > appreciate it greatly. :-)
>
> I think that this is a good idea and it's good that the script shuts down the
> ldap server, as you can only do a slapcat on a running server, if it's a
> bdb/hdb backend.

Mind that this in itself can be seen as a slight DOS -- some sites need
LDAP for authentication issues.

> IMHO, I think that this backup decision should ultimately be left up to
> the admin, as it's a security risk having the whole ldap tree in plain
> text, even though it's owned by root.

In the same vein you could argue that we should have nightly pg_dumpalls
etc. I'd say that backups should be left to the administrator instead.
Provide the scripts as examples of how to do a backup, but leave it as
that. If openldap tends to eat the directory, this needs to be fixed
rather than installing such a backup script by default (which is not a
real fix).

Nils
--
Nils Philippsen / Red Hat / nphilipp@xxxxxxxxxx
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." -- B. Franklin, 1759
PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011