##
## configuration file for openldap backups
##
-## The LDIFs generated are suitable for use with slapadd. As the
-## entries are in database order, not superior first order, they
-## cannot be loaded with ldapadd without being reordered.
+## If the method is set to "slapcat", the LDIFs generated are
+## suitable for use with slapadd. As the entries are in database
+## order, not superior first order, they cannot be loaded with
+## ldapadd without being reordered.
##
## backupdir (default /var/backups/ldap): the destination for the backups
## compress (default yes): if set to yes, ldif exports are gzipped.
# compress = yes
+
+## restart (default no): if set to yes, slapd is stopped before backups are
+## performed, and then started again after they have finished, this is necessary
+## if your backend is ldbm and your method is slapcat, but unnecessary otherwise.
+# restart = no
+
+## method (default ldapsearch): either 'ldapsearch' or 'slapcat'
+## ldapsearch is the safer method to do backups, but is slow, slapcat
+## is much faster, but should not be done on an ldbm backend unless you have
+## restart set to yes
+## NOTE: with the ldapsearch method passwordfile and binddn need to be set
+# method = ldapsearch
+
+## passwordfile (no default): this should be set to the file that contains
+## your ldap password, this is required for ldapsearch and not needed for slapcat
+## this file should have no newlines in it, echo -n "password" > passfile works.
+## NOTE: be sure to set the permissions on your password file appropriately
+## (hint: world readable is not appropriate)
+# passwordfile =
+
+## binddn (no default): set this to the DN of the user that the ldapsearch binds
+## to, not needed for slapcat
+# binddn =
+