<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt"><div><span>Hi Rich and all,</span></div><div><br><span></span></div><div><span> the '-n ipaca' option doesn't work for CA certificate LDAP backend.</span></div><div><br><span></span></div><div><span>[root@ipslave scripts-PEGACLOUDS-COM]# pwd<br>/var/lib/dirsrv/scripts-PEGACLOUDS-COM</span></div><div><span>[root@ipaslave scripts-PEGACLOUDS-COM]# ls ../<br>scripts-PEGACLOUDS-COM  slapd-PEGACLOUDS-COM  slapd-PKI-IPA</span></div><div><span><br></span></div><div><span>[root@ipaslave scripts-PEGACLOUDS-COM]# ./db2ldif -n ipaca<br>Exported ldif file: /var/lib/dirsrv/slapd-PEGACLOUDS-COM/ldif/PEGACLOUDS-COM-ipaca-2012_04_30_175927.ldif<br>...<br>[30/Apr/2012:17:59:27 -0700] - ERROR: Could not find backend 'ipaca'.<br>[root@ipaslave scripts-PEGACLOUDS-COM]#
 <br></span></div><div><br></div><div>--David<br><span></span></div><div><span><br></span></div><div><br></div>  <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div dir="ltr"> <font face="Arial" size="2"> <hr size="1">  <b><span style="font-weight:bold;">From:</span></b> Rich Megginson &lt;rmeggins@redhat.com&gt;<br> <b><span style="font-weight: bold;">To:</span></b> David Copperfield &lt;cao2dan@yahoo.com&gt; <br><b><span style="font-weight: bold;">Cc:</span></b> "freeipa-users@redhat.com" &lt;freeipa-users@redhat.com&gt; <br> <b><span style="font-weight: bold;">Sent:</span></b> Monday, April 30, 2012 5:38 PM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [Freeipa-users] Confused/lost at promoting a replica into a master<br> </font> </div> <br>
<div id="yiv187461959">
  

    
  
  <div>
    On 04/30/2012 05:52 PM, David Copperfield wrote:
    <blockquote type="cite">
      <div style="color:rgb(0, 0, 0);background-color:rgb(255, 255,
        255);font-family:times new roman, new york, times, serif;font-size:12pt;">
        <div><span>Hi Rich and all,<br>
          </span></div>
        <div><span><br>
          </span></div>
        <div><span>Thank you a lot for pointing out the place of the
            scripts. <br>
          </span></div>
        <div><span><br>
          </span></div>
        <div><span>The scripts are found at the place specified and
            tried, they are working great in general, but there are
            still some places that need help:<br>
          </span></div>
        <div><br>
          <span></span></div>
        <div><span>1. There is no manual or help regarding the command
            options. Not sure where the normal usage could be looked up.</span></div>
        <div><br>
          <span></span></div>
        <div><span>[root@ipamaster scripts-PEGACLOUDS-COM]# man db2ldif</span><br>
          <span>No manual entry for db2ldif</span></div>
        <div><br>
          <span>[root@ipamaster scripts-PEGACLOUDS-COM]# ./db2ldif
            --help</span><br>
          <span>Usage: db2ldif {-n backend_instance}* | {-s
            includesuffix}*</span><br>
          <span>               [{-x excludesuffix}*] [-a outputfile]</span><br>
          <span>               [-N] [-r] [-C] [-u] [-U] [-m] [-M] [-1]</span><br>
          <span>Note: either "-n backend_instance" or "-s includesuffix"
            is required.</span><br>
          <span>[root@ipamaster scripts-PEGACLOUDS-COM]# </span><br>
        </div>
      </div>
    </blockquote>
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Command_Line_Scripts.html<br>
    <br>
    In general - you can use the .pl scripts when the server is running,
    the non-.pl scripts when the server is down.  So, use ldif2db.pl to
    do an online import.<br>
    <br>
    Also, with ipa, you can use -n userRoot or -n ipaca depending on if
    this is the ipa instance or the CA instance.<br>
    <blockquote type="cite">
      <div style="color:rgb(0, 0, 0);background-color:rgb(255, 255,
        255);font-family:times new roman, new york, times, serif;font-size:12pt;">
        <div><span></span><span><br>
          </span></div>
        <div><span>2. What is the 'official' way to increase file
            descriptors for IPA &amp; 389 Directory server??</span></div>
        <div><br>
          <span></span></div>
        <div><span>[root@ipamaster scripts-PEGACLOUDS-COM]# ./db2ldif -s
            'dc=pegaclouds,dc=com'</span></div>
        <div><span>Exported ldif file:
/var/lib/dirsrv/slapd-PEGACLOUDS-COM/ldif/PEGACLOUDS-COM-pegaclouds-2012_04_30_164542.ldif<br>
            [30/Apr/2012:16:45:42 -0700] -
            /etc/dirsrv/slapd-PEGACLOUDS-COM/dse.ldif:
            nsslapd-maxdescriptors: nsslapd-maxdescriptors: invalid
            value "8192", maximum file descriptors must range from 1 to
            1024 (the current process limit).  Server will use a setting
            of 1024.<br>
            [30/Apr/2012:16:45:42 -0700] - Config Warning: -
            nsslapd-maxdescriptors: invalid value "8192", maximum file
            descriptors must range from 1 to 1024 (the current process
            limit).  Server will use a setting of 1024.<br>
            ...<br>
          </span></div>
      </div>
    </blockquote>
    <br>
    db2ldif doesn't use file descriptors in the same way as the server
    does when it is using them to listen and service incoming
    connections - just ignore that message<br>
    <br>
    <blockquote type="cite">
      <div style="color:rgb(0, 0, 0);background-color:rgb(255, 255,
        255);font-family:times new roman, new york, times, serif;font-size:12pt;">
        <div><span><br>
          </span></div>
        <div>3. The ldif2db command will abort when IPA (Directory
          Server) is running. <br>
        </div>
        <div><br>
        </div>
        <div> I have to stop IPA first, then run ldif2db, and fire up IPA
          at the end. It may not be a bad thing to avoid potential
          database corruption. But please confirm whether this is a feature
          or a bug.<br>
          <span></span></div>
        <div><br>
          <span></span></div>
        <div><span>[root@ipamaster scripts-PEGACLOUDS-COM]# ./ldif2db -s
            'dc=pegaclouds,dc=com' -i
            /var/lib/dirsrv/slapd-PEGACLOUDS-COM/ldif/PEGACLOUDS-COM-pegaclouds-2012_04_30_163506.ldif
            <br>
            importing data ...<br>
            ...<br>
            [30/Apr/2012:16:50:00 -0700] - Backend Instance: userRoot<br>
            [30/Apr/2012:16:50:00 -0700] - Unable to import the database
            because it is being used by another slapd process.<br>
            [30/Apr/2012:16:50:00 -0700] - Shutting down due to possible
            conflicts with other slapd processes<br>
          </span></div>
      </div>
    </blockquote>
    <br>
    Use ldif2db.pl<br>
    <br>
    <blockquote type="cite">
      <div style="color:#000;background-color:#fff;font-family:times new roman, new york, times, serif;font-size:12pt;">
        <div><br>
        </div>
        <div>Thanks.</div>
        <div><br>
        </div>
        <div>--David<br>
          <span></span></div>
        <div><span></span></div>
        <div><br>
        </div>
        <div style="font-family:times new roman, new york, times, serif;font-size:12pt;">
          <div style="font-family:times new roman, new york, times, serif;font-size:12pt;">
            <div dir="ltr"> <font face="Arial" size="2">
                <hr size="1"> <b><span style="font-weight:bold;">From:</span></b>
                Rich Megginson <a rel="nofollow" class="yiv187461959moz-txt-link-rfc2396E" ymailto="mailto:rmeggins@redhat.com" target="_blank" href="mailto:rmeggins@redhat.com">&lt;rmeggins@redhat.com&gt;</a><br>
                <b><span style="font-weight:bold;">To:</span></b> David
                Copperfield <a rel="nofollow" class="yiv187461959moz-txt-link-rfc2396E" ymailto="mailto:cao2dan@yahoo.com" target="_blank" href="mailto:cao2dan@yahoo.com">&lt;cao2dan@yahoo.com&gt;</a> <br>
                <b><span style="font-weight:bold;">Cc:</span></b> E
                Deon Lackey <a rel="nofollow" class="yiv187461959moz-txt-link-rfc2396E" ymailto="mailto:dlackey@redhat.com" target="_blank" href="mailto:dlackey@redhat.com">&lt;dlackey@redhat.com&gt;</a>;
                <a rel="nofollow" class="yiv187461959moz-txt-link-rfc2396E" ymailto="mailto:freeipa-users@redhat.com" target="_blank" href="mailto:freeipa-users@redhat.com">"freeipa-users@redhat.com"</a>
                <a rel="nofollow" class="yiv187461959moz-txt-link-rfc2396E" ymailto="mailto:freeipa-users@redhat.com" target="_blank" href="mailto:freeipa-users@redhat.com">&lt;freeipa-users@redhat.com&gt;</a> <br>
                <b><span style="font-weight:bold;">Sent:</span></b>
                Monday, April 30, 2012 4:23 PM<br>
                <b><span style="font-weight:bold;">Subject:</span></b>
                Re: [Freeipa-users] Confused/lost at promoting a replica
                into a master<br>
              </font> </div>
            <br>
            <div id="yiv187461959">
              <div> On 04/30/2012 04:58 PM, David Copperfield wrote:
                <blockquote type="cite">
                  <div style="color:rgb(0, 0,
                    0);background-color:rgb(255, 255,
                    255);font-family:times new roman, new york, times, serif;font-size:12pt;">Hi,<br>
                    <br>
                    ><br>
                    <div style="font-family:times new roman, new york, times, serif;font-size:12pt;">
                      <div style="font-family:times new roman, new york, times, serif;font-size:12pt;">
                        <div id="yiv187461959">
                          <div> > Currently, there is no disaster
                            recovery or backup information. There are a
                            couple of RFEs open to develop this
                            information. My understanding (and this is
                            something that <br>
                            > Dmitri or one of the engineers can
                            explain better) is that the best thing to do
                            is to back up the DS instances using db2ldif
                            and then spin up a new server/replica
                            instance and <br>
                            > import the backed up data using
                            ldif2db.<br>
                            <br>
                            Thanks for pointing out a way to do partial
                            backup/restore.<br>
                            <br>
                            But the command db2ldif, or its sibling
                            command ldif2db can not be located on IPA
                            master/replica.</div>
                        </div>
                      </div>
                    </div>
                  </div>
                </blockquote>
                <br>
                look in /var/lib/dirsrv/scripts-YOURDOMAIN-YOURTLD<br>
                <br>
                <blockquote type="cite">
                  <div style="color:#000;background-color:#fff;font-family:times new roman, new york, times, serif;font-size:12pt;">
                    <div style="font-family:times new roman, new york, times, serif;font-size:12pt;">
                      <div style="font-family:times new roman, new york, times, serif;font-size:12pt;">
                        <div id="yiv187461959">
                          <div>The IPA servers only install 389-ds-base
                            and 389-ds-base-libs RPMs, and the two
                            commands don't show up anywhere. <br>
                            <br>
                            Could anyone elaborate on how to use the two
                            template commands? Or please point me to the
                            document or http link(s); that is enough. Thanks a
                            lot.<br>
                            <br>
                            <div style="margin-left:40px;">[root@ipamaster

                              script-templates]# rpm -qa | grep 389<br>
                              389-ds-base-1.2.9.14-1.el6_2.2.x86_64<br>
                              389-ds-base-libs-1.2.9.14-1.el6_2.2.x86_64<br>
                              <br>
                              [root@ipamaster script-templates]# rpm -ql
                              389-ds-base 389-ds-base-libs | grep -P
                              'db2ldif|ldif2db'<br>
/usr/share/dirsrv/script-templates/template-db2ldif<br>
/usr/share/dirsrv/script-templates/template-db2ldif.pl<br>
/usr/share/dirsrv/script-templates/template-ldif2db<br>
/usr/share/dirsrv/script-templates/template-ldif2db.pl<br>
                              [root@ipamaster script-templates]# <br>
                            </div>
                            <br>
                            --David<br>
                            <br>
                          </div>
                        </div>
                      </div>
                    </div>
                  </div>
                  <br>
                </blockquote>
                <br>
              </div>
            </div>
            <br>
            <br>
          </div>
        </div>
      </div>
    </blockquote>
    <br>
  </div>

</div><br><br> </div> </div>  </div></body></html>