Sometimes the administrator may wish to migrate users from one cluster to another (e.g. when setting up a new cluster from scratch).
Backup
Since BCM's LDAP uses standard Linux OpenLDAP, slapcat can be used on the old head node to export the directory to an LDIF file, with something like:
/cm/local/apps/openldap/sbin/slapcat -f /cm/local/apps/openldap/etc/slapd.conf -l backup.ldif
Alternatively, one of the backup .ldif files located in /var/lib/ldap/backup may be used; these are compressed and must be uncompressed before they can be used for restoration.
Note that the export contains the password hashes of every user, so keep the file readable only by root while it is in transit and remove it once the migration is complete.
Restore
A backup .ldif may be restored on the new head node by stopping the appropriate services, loading the file into the LDAP database, and restoring file ownership before starting the services again:
systemctl stop cmd
systemctl stop slapd
/cm/local/apps/openldap/sbin/slapadd -v -c -l backup.ldif -f /cm/local/apps/openldap/etc/slapd.conf
chown -R ldap:ldap /var/lib/ldap
systemctl start slapd
systemctl start cmd
When importing the .ldif onto a BCM 10 head node, you may see some "scary-looking" command output similar to the following. It is reported because the base entry dc=cm,dc=cluster already exists in the freshly installed database; the -c option tells slapadd to continue past such errors, so this output may be safely disregarded:
6793fb78 => bdb_tool_entry_put: id2entry_add failed: BDB0067 DB_KEYEXIST: Key/data pair already exists (-30994)
6793fb78 => bdb_tool_entry_put: txn_aborted! BDB0067 DB_KEYEXIST: Key/data pair already exists (-30994)
slapadd: could not add entry dn="dc=cm,dc=cluster" (line=1): txn_aborted! BDB0067 DB_KEYEXIST: Key/data pair already exists (-30994)
Once complete, confirm that the database files in /var/lib/ldap (excluding the backup directory) are owned by the user ldap. The following command lists any file directly under /var/lib/ldap that is not owned by ldap, without descending into the backup subdirectory; it should return no files:
find /var/lib/ldap -maxdepth 1 -type f -not -user ldap
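The following shell helpers are an added example and are not part of the BCM documentation. They wrap the checks a practitioner would want around the procedure above: validating the exported LDIF (entry count, presence of the base DN, how many password hashes it carries, whether it is gzip-compressed as the files in /var/lib/ldap/backup are, and whether it is readable only by its owner) and confirming database-file ownership after slapadd. Directory, user and file names are parameters so the checks can be exercised on a scratch directory; the sample LDIF written by make_sample_ldif is constructed for the example and is not a real slapcat export. The find -perm /MODE syntax assumes GNU find, as found on a Linux head node.

```bash
#!/bin/bash
# Added example, not BCM's own tooling: pre- and post-flight checks for an
# LDAP user migration. Every path and user name is passed in as a parameter.
set -u

# Print the LDIF contents, transparently decompressing a gzip-compressed
# backup such as those kept in /var/lib/ldap/backup.
ldif_cat() {
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac
}

# Number of entries (dn: lines) in the export. A usable export of a cluster
# has at least the base entry, the organizational units and the users.
ldif_entry_count() {
    ldif_cat "$1" | grep -c '^dn:'
}

# Return 0 if the given DN is present, e.g. the base DN dc=cm,dc=cluster that
# slapadd reports as already existing on a fresh head node.
ldif_has_dn() {
    ldif_cat "$1" | grep -qi "^dn: $2\$"
}

# Number of entries carrying a userPassword attribute (slapcat writes it
# base64-encoded as "userPassword::"). These are the users' password hashes,
# which is why the file must be protected and removed after the migration.
ldif_password_count() {
    ldif_cat "$1" | grep -c '^userPassword:'
}

# Return 0 if no group/other permission bits are set on the file (0600 or
# tighter). Uses GNU find's -perm /MODE ("any of these bits set").
ldif_is_private() {
    [ -z "$(find "$1" -perm /077)" ]
}

# List files directly under the LDAP data directory that are not owned by the
# given user. -maxdepth 1 keeps the check out of the backup/ subdirectory.
# Prints nothing when ownership is correct, mirroring the check in the text.
ldap_db_files_not_owned_by() {
    find "$1" -maxdepth 1 -type f -not -user "$2"
}

# Write a small constructed LDIF in slapcat's layout to the given path so the
# checks can be exercised on a scratch directory. The userPassword values are
# base64 placeholders ({SSHA}examplehash, {SSHA}anotherhash), not real hashes.
make_sample_ldif() {
    cat > "$1" <<'EOF'
dn: dc=cm,dc=cluster
objectClass: dcObject
objectClass: organization
dc: cm
o: cluster

dn: ou=Users,dc=cm,dc=cluster
objectClass: organizationalUnit
ou: Users

dn: uid=alice,ou=Users,dc=cm,dc=cluster
objectClass: posixAccount
uid: alice
uidNumber: 1001
userPassword:: e1NTSEF9ZXhhbXBsZWhhc2g=

dn: uid=bob,ou=Users,dc=cm,dc=cluster
objectClass: posixAccount
uid: bob
uidNumber: 1002
userPassword:: e1NTSEF9YW5vdGhlcmhhc2g=
EOF
}
```

On a real head node the same functions are called with the article's paths, for example `ldif_entry_count backup.ldif` and `ldif_is_private backup.ldif` before running slapadd, and `ldap_db_files_not_owned_by /var/lib/ldap ldap` after the chown; a non-empty result from the last call means the chown step was skipped or slapd was started before it.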
After the users are restored you may need to re-apply any profile that was assigned to a user. You can do this by resetting the value in the user entity via cmsh, as in the following example for a user whose profile is readonly:
[ew-b81-c7u5-01-11->user[eric]]% get profile
readonly
[ew-b81-c7u5-01-11->user[eric]]% set profile readonly
[ew-b81-c7u5-01-11->user[eric]]% commit