More about Directory Server and OpenDS Margin Notes

Wednesday May 30, 2007

Backing up and restoring Directory Server data and configuration has become easier and better documented in the past few releases. Nevertheless, there are still some questions about how to back up both the directory data and the directory configuration.


First of all, if you are using a recent version of Directory Server you can use frozen mode and then perform file system snapshots. When you use Directory Server on Solaris 10 and put your data on ZFS, you can save and restore ZFS snapshots after you put Directory Server into frozen mode.

For Directory Server 6.x, you can put a server into frozen mode using the dsconf set-server-prop command.

dsconf set-server-prop -p 1389 read-write-mode:frozen

See the Solaris ZFS Administration Guide for more information on saving and restoring ZFS snapshots. You can even save onto and restore snapshots from a remote system, or use other backup software.

For Directory Server 6.x, you can put a server back into read-write mode using the dsconf set-server-prop command again.

dsconf set-server-prop -p 1389 read-write-mode:read-write

Otherwise, backing up Directory Server can be done online by bringing the server instance into a read-only state, backing up databases, configuration, and custom schema, and then bringing the server instance back into read-write state.

Do not make configuration changes while the server is being backed up, even though technically you can. (The configuration remains read-write while the rest of the server is read-only, because the configuration contains information about whether the server is read-write or read-only.)

  1. Bring Directory Server into a read-only state.

    For Directory Server 6.x, you can put a server into read-only mode as follows.

    dsconf set-server-prop -p 1389 read-write-mode:read-only

    For Directory Server 5.x, you can modify the nsslapd-readonly attribute using the following LDIF.

    dn: cn=config
    changetype: modify
    replace: nsslapd-readonly
    nsslapd-readonly: on

    If the directory is replicated, this step will cause replication errors, by the way. Replication will attempt to continue, but will not be able to complete any operations.

  2. Back up either to LDIF (more portable) or to binary backup (still somewhat portable for versions supporting binary copy).

    # 6.x: dsadm works on the instance offline; dsconf performs the same operations online
    # 6.x LDIF backup
    dsadm export /path/to/ds dc=example,dc=com /safe/place/Example.ldif
    # 6.x binary backup
    dsadm backup /path/to/ds /safe/place
    # 5.x LDIF backup
    ServerRoot/slapd-instance/db2ldif -a /safe/place/Example.ldif -s dc=example,dc=com
    # 5.x binary backup
    ServerRoot/slapd-instance/db2bak /safe/place
  3. Copy the dse.ldif configuration file to a safe place.

    # 6.x
    cp /path/to/ds/config/dse.ldif /safe/place/
    # 5.x
    cp ServerRoot/slapd-instance/config/dse.ldif /safe/place/
  4. Copy your specific schema modifications to a safe place.

    If you modified directory schema over LDAP, then your modifications are all in 99user.ldif. If you updated the schema by adding files, you might have a number of schema files that you must copy during this step, not just 99user.ldif.

    # 6.x
    cp /path/to/ds/config/schema/99user.ldif /safe/place/
    # 5.x
    cp ServerRoot/slapd-instance/config/schema/99user.ldif /safe/place/
  5. Bring Directory Server back into a read-write state.

    For Directory Server 6.x, use the dsconf command.

    dsconf set-server-prop -p 1389 read-write-mode:read-write

    For Directory Server 5.x, you can modify the nsslapd-readonly attribute using the following LDIF.

    dn: cn=config
    changetype: modify
    replace: nsslapd-readonly
    nsslapd-readonly: off
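
The 6.x online steps above as a single job that cron can run, as an added example rather than code from the original post. It uses dsconf backup for the online binary backup (an assumption, following the dsadm/dsconf discussion in the comments below), keeps the post's placeholder paths, and assumes dsconf can authenticate without prompting.

```shell
#!/bin/sh
# Added example, not from the original post: the 6.x online backup steps as one job.
# INSTANCE, SAFE and PORT default to the post's placeholders; override via environment.
INSTANCE=${INSTANCE:-/path/to/ds}
SAFE=${SAFE:-/safe/place}
PORT=${PORT:-1389}

set_mode() {  # $1 is read-only or read-write
    dsconf set-server-prop -p "$PORT" "read-write-mode:$1"
}

# Assumption: "dsconf backup" as the online form of the binary backup.
# The whole schema directory is copied so added schema files are not missed.
copy_data() {  # $1 is the destination directory for this run
    dsconf backup -p "$PORT" "$1/db" &&
    cp "$INSTANCE/config/dse.ldif" "$1/" &&
    cp -R "$INSTANCE/config/schema" "$1/schema"
}

ds_backup() {
    old_umask=$(umask)
    umask 077  # dse.ldif and the data hold password hashes: owner-only files
    dest="$SAFE/$(date +%Y%m%d-%H%M%S)"
    rc=0
    if mkdir -p "$dest" && set_mode read-only; then
        # If the job is interrupted, do not leave the directory read-only.
        trap 'set_mode read-write; exit 130' INT TERM
        copy_data "$dest" || rc=$?
        # Runs whether or not the copy succeeded.
        set_mode read-write || rc=$?
        trap - INT TERM
    else
        rc=1
    fi
    umask "$old_umask"
    [ "$rc" -eq 0 ] && echo "$dest"
    return "$rc"
}

# From cron: sh ds-backup.sh run
if [ "${1:-}" = "run" ]; then
    ds_backup
fi
```

The function prints the directory it wrote on success and returns non-zero if any step failed, so cron's mail on failure is meaningful.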

Restoring Directory Server from backup potentially starts with a reinstall of both the operating system and Directory Server, with the same configuration as the original system. Having the same configuration is particularly important if you want to restore from binary backup. The following steps assume that you are restoring after a severe system failure.

  1. Install both the operating system and Directory Server with the same configuration as the original system.

  2. Stop Directory Server and all application processes.

  3. Overwrite the Directory Server configuration with the backup version.

    # 6.x
    cp /safe/place/dse.ldif /path/to/ds/config/
    # 5.x
    cp /safe/place/dse.ldif ServerRoot/slapd-instance/config/
  4. Restore your schema modifications from backup.

    If you updated the schema by adding files rather than over LDAP, you might have a number of schema files that you must copy during this step, not just 99user.ldif.

    # 6.x
    cp /safe/place/99user.ldif /path/to/ds/config/schema/
    # 5.x
    cp /safe/place/99user.ldif ServerRoot/slapd-instance/config/schema/
  5. Restore all non-replicated backend databases from LDIF or binary backup.

    If your directory data is replicated, consider restoring the data by initializing the replica from a supplier. See the documentation for your Directory Server version, [6.0] [5.2] [5.1], for more information.

    # 6.x LDIF restore
    dsadm import /path/to/ds /safe/place/Example.ldif dc=example,dc=com
    # 6.x binary restore
    dsadm restore /path/to/ds /safe/place
    # 5.x LDIF restore
    ServerRoot/slapd-instance/ldif2db -n example -i /safe/place/Example.ldif
    # 5.x binary restore
    ServerRoot/slapd-instance/bak2db /safe/place
  6. Restart Directory Server and bring it into read-write state.

    # 6.x
    dsadm restart /path/to/ds
    dsconf set-server-prop -p 1389 read-write-mode:read-write
    # 5.x
    ServerRoot/slapd-instance/start-slapd
    ldapmodify -D "cn=Directory Manager" -w -
    Enter bind password: 
    dn: cn=config
    changetype: modify
    replace: nsslapd-readonly
    nsslapd-readonly: off
  7. Reinitialize the restored replication agreements if the Directory Server instance is a supplier.

  8. Restart application processes on the system.

Comments:

Great post... The binary copy backup can serve 2 goals: first it's a faster restore of the server (if you've backed up the configuration and schema, as explained here). But the binary backup of the DB can be used to restore another server's database (provided it has a similar configuration). I would strongly encourage our customers to make use of the binary copy backup rather than LDIF export.

Ludovic

Posted by Ludovic Poitou on June 01, 2007 at 09:24 AM CEST #

hi

it's a very neat post.

But I would like to ask if it is possible to do binary and LDIF backups automatically, like a service? If yes, how can I set it up?

thank you

Posted by Girlie Tan on January 22, 2008 at 11:30 AM CET #

On UNIX and Linux, I'd use cron to run a job that does the backup. Your crontab man page describes the format. Also check out this short discussion about environment variables, http://forum.java.sun.com/thread.jspa?threadID=5056990&messageID=9216047

On Windows... um, I admit my ignorance right here to everyone on the World Wide Web. Isn't there something like a backup scheduler on Windows?

Posted by Mark on February 09, 2008 at 08:00 AM CET #

thank you for your reply.

The problem has been solved now. I used the task scheduler to run a batch file to back up Sun Directory Server.
I had set up the task scheduler incorrectly so it didn't run as smoothly as I thought it would, but it is now fixed.

thank you.

Posted by 118.169.197.222 on February 11, 2008 at 05:03 AM CET #

Shouldn't you be using dsconf instead of dsadm for the backups? When I try and use dsadm it says: "The instance must be stopped."

Posted by Steve Mitchell on February 29, 2008 at 12:46 AM CET #

You are right that dsconf lets you perform online backups, whereas dsadm does the same offline.

How you do the backup in fact depends a bit on your particular deployment. Some directory administrators take their directory offline for backup and let other replicas handle the load while they back up. Others keep the server online so it can continue to serve requests.

Still others keep the directory online, bring it into frozen mode, and take a snapshot of the file system while the server is quiescent. There's more than one way to do it, as Larry Wall said. (On the other hand, I hope my explanation is clearer than some of the Perl scripts I've written.)

Posted by Mark on February 29, 2008 at 08:53 AM CET #
