Sometimes the administrator may wish to migrate users from one cluster to another (e.g. when setting up a new cluster from scratch).
Backup
Since BCM's LDAP uses standard Linux OpenLDAP, slapcat can be used to export the data from the old head node, for example:
/cm/local/apps/openldap/sbin/slapcat -f /cm/local/apps/openldap/etc/slapd.conf -l backup.ldif
You may also use one of the backup .ldif files located in /var/lib/ldap/backup. These need to be uncompressed before they can be used for restoration.
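Because the restore below runs slapadd with -c, which continues past entries it cannot add, it helps to know which accounts the export contains before importing it. The following is an added example, not part of the original article or of BCM's tooling: it lists the posixAccount entries in an uncompressed LDIF file and reports any uidNumber used by more than one account. The function names and the sample LDIF (dc=example,dc=com) are constructed for illustration.

```bash
# Print "uidNumber<TAB>dn" for each posixAccount entry in LDIF file $1.
# Base64 values ("attr:: ...") are not decoded; the file is only read.
ldif_accounts() {
    awk '
        function emit() {                 # end of entry: report it if it is an account
            if (posix) printf "%s\t%s\n", num, dn
            dn = num = ""; posix = 0
        }
        function handle(line,   low) {    # one complete, unfolded LDIF line
            if (line == "") { emit(); return }
            low = tolower(line)
            if (low ~ /^dn: /) dn = substr(line, 5)
            else if (low ~ /^uidnumber: /) num = substr(line, 12)
            else if (low ~ /^objectclass: posixaccount$/) posix = 1
        }
        /^ / { buf = buf substr($0, 2); next }   # folded line: append to previous
        { if (NR > 1) handle(buf); buf = $0 }
        END { if (NR > 0) handle(buf); emit() }
    ' "$1"
}

# Print each uidNumber that is assigned to more than one account.
ldif_duplicate_uidnumbers() { ldif_accounts "$1" | cut -f1 | sort | uniq -d; }

# Constructed sample export (not real data); the dn for bob is folded across two lines.
write_sample_ldif() {
    cat > "$1" <<'EOF'
dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit

dn: uid=alice,ou=People,dc=example,dc=com
objectClass: posixAccount
uidNumber: 1001

dn: uid=bob,ou=People,dc=exa
 mple,dc=com
objectClass: posixAccount
uidNumber: 1002

dn: uid=carol,ou=People,dc=example,dc=com
objectClass: posixAccount
uidNumber: 1001
EOF
}

sample=$(mktemp); write_sample_ldif "$sample"   # demo on the constructed sample
ldif_accounts "$sample"
echo "duplicate uidNumber values: $(ldif_duplicate_uidnumbers "$sample")"
rm -f "$sample"
```

To check a real export, call ldif_accounts backup.ldif and compare the list with the users visible on the new cluster after the restore.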
Restore
A backup .ldif may be restored by stopping the appropriate services and updating the LDAP databases.
systemctl stop cmd
systemctl stop slapd
sudo -u ldap /cm/local/apps/openldap/sbin/slapadd -v -c -l backup.ldif -f /cm/local/apps/openldap/etc/slapd.conf
systemctl start slapd
systemctl start cmd
Once complete, confirm that the files in /var/lib/ldap, excluding the backup directory, are owned by the user ldap. The following command lists any LDAP database files that are not owned by ldap; it should return no files.
find /var/lib/ldap -maxdepth 1 -type f -not -user ldap
After users are restored you may need to recreate any applied profile. You can do this by resetting the value in the user entity via cmsh.
[ew-b81-c7u5-01-11->user[eric]]% get profile
readonly
[ew-b81-c7u5-01-11->user[eric]]% set profile readonly
[ew-b81-c7u5-01-11->user[eric]]% commit