<quote who="Nils Philippsen">
> On Fri, 2005-03-04 at 17:06 +0000, Gavin Henry wrote:
>> <quote who="Steven Pritchard">
>> > I posted this to bugzilla a while back...
>> >
>> > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=148972
>> >
>> > Can anyone think of a reason why it would be bad for openldap to
>> > include a script to do a nightly slapcat dump to a file?
>> >
>> > If not, I included the script, logrotate entry, and spec patch in that
>> > bugzilla ticket, so if someone @redhat could look at it, I'd
>> > appreciate it greatly. :-)
>>
>> I think that this is a good idea and it's good that the script shuts
>> down the ldap server, as you can only do a slapcat on a running server,
>> if it's a bdb/hdb backend.
>
> Mind that this in itself can be seen as a slight DOS -- some sites need
> LDAP for authentication issues.

Yes, I forgot that part. Remember, LDAP can be used for mail alias lookup,
DNS, printers etc. etc. These things need to be run all night. Good point.

>
>> IMHO, I think that this backup decision should ultimately be left up to
>> the admin, as it's a security risk having the whole ldap tree in plain
>> text, even though it's owned by root.
>
> In the same vein you could argue that we should have nightly pg_dumpalls
> etc. I'd say that backups should be left to the administrator instead.
> Provide the scripts as examples of how to do a backup, but leave it as
> that. If openldap tends to eat the directory, this needs to be fixed
> rather than installing such a backup script by default (which is not a
> real fix).
>
> Nils
> --
> Nils Philippsen / Red Hat / nphilipp@xxxxxxxxxx
> "They that can give up essential liberty to obtain a little temporary
> safety deserve neither liberty nor safety." -- B. Franklin, 1759
> PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011