3.2.2. Maintaining Directory Databases

This section describes jobs associated with maintaining directory databases. It includes the following procedures: Placing a Database in Read-Only Mode

When a database is in read-only mode, you cannot create, modify, or delete any entries. One of the situations when read-only mode is useful is for manually initializing a consumer or before backing up or exporting data from the Directory Server. Read-only mode ensures a faithful image of the state of these databases at a given time.
The Directory Server Console and the command-line utilities do not automatically put the directory in read-only mode before export or backup operations because this would make your directory unavailable for updates. However, with multi-master replication, this might not be a problem. Making a Database Read-Only Using the Console
To place a database in read-only mode from the Directory Server Console, do the following:
  1. In the Directory Server Console, select the Configuration tab.
  2. Expand Data in the left pane. Expand the suffix containing the database to put in read-only mode.
  3. Select the database to put into read-only mode.
  4. Select the Database Settings tab in the right pane.
  5. Select the database is read-only checkbox.
  6. Click Save.
The change takes effect immediately.
Before importing or restoring the database, ensure that the databases affected by the operation are not in read-only mode.
To disable read-only mode, open the database up in the Directory Server Console again and uncheck the database is read-only checkbox. Making a Database Read-Only from the Command Line
To manually place a database into read-only mode, do the following:
  1. Run ldapmodify.[2]
    ldapmodify -p 389 -D "cn=directory manager" -w secret -h us.example.com
  2. Change the read-only attribute to on
    dn: cn=database_name,cn=ldbm database,cn=plugins,cn=config
    changetype: modify
    replace: nsslapd-readonly
    nsslapd-readonly: on


By default, the name of the database created at installation time is userRoot. Placing the Entire Directory Server in Read-Only Mode
If the Directory Server maintains more than one database and all databases need to be placed in read-only mode, this can be done in a single operation.


This operation also makes the Directory Server configuration read-only; therefore, you cannot update the server configuration, enable or disable plug-ins, or even restart the Directory Server while it is in read-only mode. Once read-only mode is enabled, it cannot cannot be undone from the Console; you must modify the configuration files.


If Directory Server contains replicas, do not use read-only mode because it will disable replication.
To put the Directory Server in read-only mode, do the following:
  1. In the Directory Server Console, select the Configuration tab, and then select the top entry in the navigation tree in the left pane.
  2. Select the Settings tab in the right pane.
  3. Select the Make Entire Server Read-Only checkbox.
  4. Click Save, and then restart the server.