vaab's questions

I can't get to make this configuration work as expected:

# Database LDAP for ldap1
database        ldap
suffix          "ou=ldap1,dc=local"
uri ldap://ldap1
idassert-bind bindmethod=simple
   binddn="cn=admin,dc=ext1"
   credentials="secret3"
   mode=none
   flags=non-prescriptive
idassert-authzFrom "dn.exact:cn=manager,dc=local"
overlay rwm
rwm-suffixmassage   "ou=ldap1,dc=local" "dc=ext1"
subordinate

# Database LDAP for ldap2
database        ldap
suffix          "ou=ldap2,dc=local"
uri  ldap://ldap2
idassert-bind bindmethod=simple
  binddn="cn=admin,dc=ext2"
  credentials="secret2"
  mode=none
  flags=non-prescriptive
idassert-authzFrom "dn.exact:cn=manager,dc=local"
overlay rwm
rwm-suffixmassage   "ou=ldap2,dc=local" "dc=ext2"
subordinate

# Database LDAP for local Manager authentication
database ldap
readonly                yes
suffix "dc=local"
rootdn "cn=manager,dc=local"
rootpw secret1

Knowing that in ldap2, there's an entry for "cn=test", I'm only wanting that querying the master LDAP server (with base: "dc=local) would work, so basically, I'm looking to make this work:

 ldapsearch -x -b "dc=local" -D "cn=manager,dc=local" cn=test -H ldap://localhost -w secret1

Actually this query will stall...

Of course, querying the subordinate with base "ou=ldap2,dc=local" works flawlessly and return the correct entry. This is the query that works:

 ldapsearch -x -b "ou=ldap2,dc=local" -D "cn=manager,dc=local" cn=test -H ldap://localhost -w secret1

What is my mistake ? I'd like to glue both server to effectively search between both ldap1 and ldap2 servers with one request on the master.

I'm looking to make very frequent backup (every hour) of postgres data on several VMs (say 20-50) towards the same archive server.

Here are more data if needed: Ideally, the system should support the load of 80 to 200 databases located on all VMs. The databases are small (10MB - 100MB) to medium sized (500MB - 2GB), composed of hundredth of tables, a small portion of these tables can easily contain several thousands of lines up to around a million of lines. Changes to the database is often new records, some updates, not so much deletion. The bandwidth would be 100Mbits/s.

As I'm already doing so with a standard filesystem using incremental backup (rsync), I'm wondering if something similar could be achieved with postgres database backups.

I have several possible options:

• I could choose to put database on snapshotable filesystem (aufs docker style, ZFS, btrfs, but some of these seems really slowing down postgres).
• I'm ready to use WAL if necessary
• It would be better if I can backup only at the database level if necessary. As I do not need to backup the whole postgres data, only the customers databases.
• I have some disk space on the postgres server that could keep an intermediate backup.
• I can afford some reasonable CPU workload on the VM side, but would rather minimize it on the backup server as it'll add up the more database to backup there will be.
• I'm not really looking for continuous backup or PITR recovery options. My backup server has a file based system (brfs) to do efficient periodic snapshots of backups. It's good enough.

I've thought about:

• using rsync in combination with pg_dump locally to the server in SQL, but I'm not sure which of the different format I should use to keep maximum efficiency.
• using snapshotable filesystem that allows to send binary diffs at the block level (btrfs and ZFS are good at it) with or without using a local dump (same question about the backup format to use).
• I've learned about the existence of pg_rman, I don't really know if it can be relied upon, and the setup and various process seems slightly heavier than pg_dump. Would it support having only incremental backups ? And can we have a practical format on the backup side ?.

and is there another way than incremental backups to reach small bandwith ?

So... how could I minize bandwith in my postgres backup scenario ?

I have hosta and hostb, two dedicated server in the same area (same bay?).

Ping and communication towards these hosts are okay. But hosta seems to have all its outgoing communications on port 25 blocked somehow:

With nc working-smtp 25 (and and port 80) on both hosts. I figured that:

• hosta has all it's outgoing communication timeouted on port 25 only.
• hostb work fine.

Note that working-smtp is a working smtp server unrelated to both of them, practical to make test (and where I have put a tcpdump to double check connections.)

BTW, both hosts can ping working-smtp.

So I did a traceroute -p 25 -T working-smtp, and first two server in both traceroute are EXACTLY the same:

# traceroute -p 25 -T working-server
traceroute to working-server (xx.xx.xx.xx), 30 hops max, 60 byte packets
 1  A (xx.xx.xx.xx)  0.363 ms * *
 2  B (xx.xx.xx.xx)  0.819 ms  1.063 ms  1.166 ms
...

(A and B are network gateways out of my control from the dedicated bay.)

• On hosta, the next hops are * * * until it reaches max hop number.
• On hostb, the next hops are all valued and it reaches working-server in 6 hops.

If I do the same traceroute with port 80, both server reaches the target with the same track.

What conclusion could we draw ? Is there more test to do ? Should I contact my dedicated server provider ?

Using setfacl command line arguments, is there a way to set/unset a single flag as the following command will do ?

chmod g+x FILE

Please note that:

setfacl g::x   FILE
setfacl g::--x FILE

are equivalent and will set executable bit and remove read a write flag. And thus these commands are not setting/unsetting an individual flag but 3 flags at once.