LDAP in the Solaris Operating Environment: Deploying Secure Directory Services

There are two types of data that need to be backed up. These are:

  • Directory configuration data

  • Directory user data

Directory configuration data can be shared among several directory servers, so it only needs to be backed up on the directory server instance that contains the configuration data. In most cases, the configuration data is fairly static and does not need to be backed up repeatedly.

Directory data is contained in databases other than o=NetscapeRoot. By default, a UserRoot database is created during the directory server installation. Additional databases might also exist. Backups can be done either online or offline.

Note

The examples shown in this section are for use with the SVR4 packages version of Sun ONE Directory Server 5.2 software. To run them on the compressed tar file version, run the commands shown directly from the slapd-instance directory instead of using the directoryserver wrapper script.

Configuration Data Backup and Restore

The directoryserver wrapper can be executed with the saveconfig subcommand, as shown below.

    # /usr/sbin/directoryserver -s hosta saveconfig
    /var/mps/serverroot/slapd-hosta/saveconfig
    saving configuration ...
    ldiffile: /var/mps/serverroot/slapd-hosta/confbak/2002_11_11_091333.ldif
    [11/Nov/2002:09:13:35 -0500] - export NetscapeRoot: Processed 94 entries (100%).
    #

The saveconfig subcommand actually invokes the saveconfig shell script located in the /var/mps/serverroot/slapd-instance directory. The command can be run with the directory server running or stopped. You must be logged in as root to run the command.

To restore the configuration, the directory server must be stopped. The following example shows how a saved configuration is restored.

    # directoryserver stop
    /var/mps/serverroot/slapd-hosta/stop-slapd
    # directoryserver -s hosta restoreconfig
    /var/mps/serverroot/slapd-hosta/restoreconfig
    Restoring /var/mps/serverroot/slapd-hosta/confbak/2002_11_11_091333.ldif
    [11/Nov/2002:09:26:10 -0500] - import NetscapeRoot: Index buffering enabled with bucket size 15
    [11/Nov/2002:09:26:10 -0500] - import NetscapeRoot: Beginning import job...
    [11/Nov/2002:09:26:11 -0500] - import NetscapeRoot: Processing file "/var/mps/serverroot/slapd-hosta/confbak/2002_11_11_091333.ldif"
    [11/Nov/2002:09:26:11 -0500] - import NetscapeRoot: Finished scanning file "/var/mps/serverroot/slapd-hosta/confbak/2002_11_11_091333.ldif" (94 entries)
    [11/Nov/2002:09:26:11 -0500] - import NetscapeRoot: Workers finished; cleaning up...
    [11/Nov/2002:09:26:14 -0500] - import NetscapeRoot: Workers cleaned up.
    [11/Nov/2002:09:26:14 -0500] - import NetscapeRoot: Cleaning up producer thread...
    [11/Nov/2002:09:26:14 -0500] - import NetscapeRoot: Indexing complete. Post-processing...
    [11/Nov/2002:09:26:14 -0500] - import NetscapeRoot: Flushing caches...
    [11/Nov/2002:09:26:14 -0500] - import NetscapeRoot: Closing files...
    [11/Nov/2002:09:26:14 -0500] - import NetscapeRoot: Import complete. Processed 94 entries in 4 seconds. (23.50 entries/sec)
    # directoryserver start
    /var/mps/serverroot/slapd-hosta/start-slapd
    #

Note

The saveconfig command only backs up data used by the Administration Server and Sun ONE Console. Other data such as dse.ldif and changes to schema files should also be backed up regularly.

Directory Data Backup and Restore

The db2bak subcommand is used to back up all your databases while the directory server is offline or online. You must be logged in as root to run this command. The default location for backups is /var/mps/serverroot/slapd-instance/bak. Backups can grow to a large size, so it is wise to place them on a separate partition.

The following example shows backing up a database using db2bak.

    # directoryserver stop
    /var/mps/serverroot/slapd-hosta/stop-slapd
    # directoryserver -s hosta db2bak
    /var/mps/serverroot/slapd-hosta/db2bak
    [11/Nov/2002:09:36:45 -0500] - Backing up file 1 (/var/mps/serverroot/slapd-hosta/bak/2002_11_11_09_36_43/userRoot/id2entry.db3)
    [11/Nov/2002:09:36:45 -0500] - Backing up file 2 (/var/mps/serverroot/slapd-hosta/bak/2002_11_11_09_36_43/userRoot/entrydn.db3)
    ...
    [11/Nov/2002:09:36:47 -0500] - Backing up file 24 (/var/mps/serverroot/slapd-hosta/bak/2002_11_11_09_36_43/DBVERSION)
    # directoryserver start

To restore the database that was backed up in the previous example, run the bak2db command.

    # directoryserver stop
    # directoryserver -s hosta bak2db /var/mps/serverroot/slapd-hosta/bak/2002_11_11_09_36_43
    /var/mps/serverroot/slapd-hosta/bak2db /var/mps/serverroot/slapd-hosta/bak/2002_11_11_09_36_43
    [11/Nov/2002:09:49:26 -0500] - Restoring file 1 (/var/mps/serverroot/slapd-hosta/db/userRoot/id2entry.db3)
    [11/Nov/2002:09:49:26 -0500] - Restoring file 2 (/var/mps/serverroot/slapd-hosta/db/userRoot/entrydn.db3)
    ...
    [11/Nov/2002:09:49:27 -0500] - Restoring file 24 (/var/mps/serverroot/slapd-hosta/db/DBVERSION)
    [11/Nov/2002:09:49:28 -0500] - libdb: warning: /var/mps/serverroot/slapd-hosta/db/NetscapeRoot/uniquemember.db3: No such file or directory
    [11/Nov/2002:09:49:28 -0500] - libdb: warning: /var/mps/serverroot/slapd-hosta/db/NetscapeRoot/uid.db3: No such file or directory
    ...
    # directoryserver start
    /var/mps/serverroot/slapd-hosta/start-slapd
    #

Note

The warning messages can be ignored because o=NetscapeRoot does not contain the default index files.

As an alternative to backing up the directory while it is online or offline, you can use the db2bak-task command, which invokes the db2bak.pl Perl script. The command extracts the database data, then creates an LDIF file. The backup runs in the background. To enable you to synchronize your backup with commands that need to run after the backup is finished, a temporary directory entry can be created to flag the fact that the backup is in progress. When the backup finishes, the entry is deleted. The following example shows commands that will create this temporary directory entry.

    # directoryserver -s hosta db2bak-task -D "cn=directory manager" -w netscape
    /var/mps/serverroot/slapd-hosta/db2bak.pl -D cn=directory manager -w netscape
    adding new entry cn=backup_2002_11_11_10_1_56, cn=backup, cn=tasks, cn=config
    # ldapsearch -D "cn=directory manager" -w netscape -b cn=backup,cn=tasks,cn=config objectclass=\*
    cn=backup, cn=tasks, cn=config
    objectClass=top
    objectClass=extensibleObject
    cn=backup
    # ls -l bak
    total 4
    drwx------ 4 nobody nobody 512 Nov 11 09:36 2002_11_11_09_36_43
    drwx------ 4 nobody nobody 512 Nov 11 10:01 2002_11_11_10_1_56
    #

Note

The command requires that you provide credentials with appropriate access rights. Only Simple authentication is supported, which requires you to supply a password. Be aware that if you supply the password on the command line, it will be visible in the ps output. To prevent this, the password can be placed in a file and the -j option can be used to read it.
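
The following script is an added example, not part of the book: it runs db2bak-task with the -j password file instead of -w, refuses a password file that other users can read, and waits for the temporary task entry to be deleted before continuing. The password file path, the polling interval, and the use of -j with ldapsearch are assumptions.

```shell
#!/bin/sh
# Added example, not from the book. Assumed: instance "hosta", the password
# file path, and the 5-second polling interval.
PWFILE=${PWFILE:-/var/mps/serverroot/slapd-hosta/.dmpw}  # hypothetical path
BINDDN="cn=directory manager"

# Accept the password file only if it is a regular file (not a symlink)
# with no group or other permission bits set.
pwfile_ok() {
    [ -f "$1" ] && [ ! -h "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Read db2bak-task output on stdin and print the DN of the task entry.
task_dn() {
    sed -n 's/^adding new entry //p' | head -n 1
}

# Poll the task entry; the server deletes it when the backup finishes.
# Any ldapsearch failure ends the loop, so confirm the backup directory
# exists before acting on the result.
wait_for_task() {
    while ldapsearch -D "$BINDDN" -j "$PWFILE" -b "$1" -s base \
            'objectclass=*' cn >/dev/null 2>&1
    do
        sleep 5
    done
}

run_backup() {
    pwfile_ok "$PWFILE" || { echo "unsafe password file: $PWFILE" >&2; return 1; }
    out=$(directoryserver -s hosta db2bak-task -D "$BINDDN" -j "$PWFILE") || return 1
    dn=$(printf '%s\n' "$out" | task_dn)
    [ -n "$dn" ] || { echo "no task entry reported" >&2; return 1; }
    wait_for_task "$dn"
    echo "backup task finished: $dn"
}

# Invoke as "script run"; with no argument only the functions are defined.
if [ "${1:-}" = run ]; then run_backup; fi
```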

To restore the backup from the previous example, run the bak2db-task command as shown in the following example.

    # directoryserver -s hosta bak2db-task -D "cn=directory manager" -w netscape -a /var/mps/serverroot/slapd-hosta/bak/2002_11_11_10_1_56
    /var/mps/serverroot/slapd-hosta/bak2db.pl -D cn=directory manager -w netscape -a /var/mps/serverroot/slapd-hosta/bak/2002_11_11_10_1_56
    adding new entry cn=restore_2002_11_11_10_25_37, cn=restore, cn=tasks, cn=config
    #
