Monday, February 19, 2007

Sun ONE Directory Server Backup and Recovery

1.1 Introduction
The Sun ONE Directory Server product provides several backup and recovery tools. However, these tools need to be utilized in a way that provides the best strategy for backing up all LDAP servers associated with a directory service.

1.2 Levels of Backup
The following are the different levels at which we take backups of the directory services:
• Database level data backups
• Configuration backups by server and configuration suffix (e.g., o=NetscapeRoot, cn=config, etc.)
• The ability to recover any directory server by type (i.e., master, replica hub, consumer, or backup)

1.3 SunONE Directory Backup Utilities
To accomplish backup and recovery, SunONE Directory Services provides different tools:
• Bulk Import with ldapmodify
• Binary Restore with bak2db.pl
• Import with ldif2db.pl
• Binary Restore with bak2db
• Import with ldif2db
• Manual Restore

1.3.1 Bulk Import With ldapmodify
• SunONE Directory 5.x provides a new optional flag for ldapmodify, the bulk import flag (-B), whose argument is the base DN.
• The bulk import replaces all the data of a local or remote directory server backend database according to the suffix name passed as input to the "-B" flag.
• The bulk load is much faster than a standard ldapmodify operation because it does not perform the standard per-entry checks as the data is loaded into the database.
• It overwrites all data in the database.
• This recovery is based on an LDIF file and not on binary backup files.

Ex: We want to restore the ou=people tree under the dc=wipro,dc=com DIT

$ ldapmodify -h hostname -a -f people.ldif -D "cn=directory manager" -w bindPassword -B "dc=wipro,dc=com"
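
Because the bulk import replaces everything under the suffix, it is worth validating the LDIF file before running it. The following is an added example, not part of the original post: a Python pre-check that flags entries outside the target suffix, duplicate DNs, and entries whose parent does not appear earlier in the file. The function names and the sample entries are constructed for illustration.

```python
import base64
import re

def read_dns(ldif_text):
    """Return each entry's DN, unfolding continuation lines and decoding base64 'dn::' values."""
    unfolded = []
    for line in ldif_text.splitlines():
        if line.startswith(" ") and unfolded:   # LDIF folding: a leading space continues the previous line
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    dns = []
    for line in unfolded:
        if line.lower().startswith("dn::"):
            dns.append(base64.b64decode(line[4:].strip()).decode("utf-8"))
        elif line.lower().startswith("dn:"):
            dns.append(line[3:].strip())
    return dns

def normalize(dn):
    """Split on unescaped commas, trim spaces around ',' and '=', lower-case for comparison."""
    return tuple(re.sub(r"\s*=\s*", "=", rdn.strip(), count=1).lower()
                 for rdn in re.split(r"(?<!\\),", dn))

def precheck(ldif_text, suffix):
    """Flag DNs that do not belong in an LDIF file meant to replace `suffix`."""
    want = normalize(suffix)
    seen, outside, duplicates, orphans = set(), [], [], []
    dns = read_dns(ldif_text)
    for dn in dns:
        key = normalize(dn)
        if key[-len(want):] != want:
            outside.append(dn)                   # not under the suffix being replaced
        elif key != want and key[1:] not in seen:
            orphans.append(dn)                   # parent entry has not appeared earlier in the file
        if key in seen:
            duplicates.append(dn)
        seen.add(key)
    return {"entries": len(dns), "outside": outside, "duplicates": duplicates,
            "orphans": orphans, "ok": not (outside or duplicates or orphans)}

# Constructed sample: a folded DN, a base64 DN from another suffix, a duplicate and an orphan.
SAMPLE = "\n".join([
    "dn: dc=wipro,dc=com", "objectClass: domain", "dc: wipro", "",
    "dn: ou=people,dc=wipro,dc=com", "objectClass: organizationalUnit", "ou: people", "",
    "dn: uid=asmith, ou=People, dc=wipro,", " dc=com", "uid: asmith", "",
    "dn:: " + base64.b64encode(b"uid=bjones,ou=people,dc=example,dc=com").decode(), "uid: bjones", "",
    "dn: uid=asmith,ou=people,dc=wipro,dc=com", "uid: asmith", "",
    "dn: uid=cdoe,ou=groups,dc=wipro,dc=com", "uid: cdoe", "",
])
```

Calling precheck(SAMPLE, "dc=wipro,dc=com") returns a dictionary whose "ok" value is false, with the offending DNs listed under "outside", "duplicates" and "orphans".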

1.3.2 Binary Restore with bak2db.pl
The bak2db.pl script overwrites the contents of an entire directory server instance using the backup created by db2bak.pl.
• The overwritten data includes the directory server instance configuration data and suffix databases.
• The input directory name passed to the "-a" option must be the name of the backup directory on the server to be restored.
• It should also be noted that the recovery process invoked by the restore task takes the destination server's backend database offline during the restore and then brings it back online upon completion.

Ex: To back up and restore the complete directory services

$ db2bak.pl -v -D "cn=directory manager" -w password -a BackUp Directory -t ldbm

Restoring the complete directory:

$ bak2db.pl -v -D "cn=directory manager" -w password -a BackUp Directory -t ldbm


1.3.3 Import with ldif2db.pl
The ldif2db.pl perl script overwrites the contents of a directory server database.
• This script imports LDAP data from one or more LDIF input files into a single LDAP database.
• This task tells the directory server instance that it is about to overwrite the existing data with the contents of an input file through the import method.
• It should be noted that the recovery process, invoked by using the restore task, takes the destination server's backend database offline during the restore and then brings it back online upon completion.

Ex: Backing up and restoring the directory database

$ ldif2db.pl -D "cn=directory manager" -w password -n -s -x -i

Backing up the dc=wipro,dc=com DIT, where the backend database name is "userRoot"

$ db2ldif.pl -D "cn=directory manager" -w password -n userRoot -a people.ldif

Restoring the People subtree from the backup

$ ldif2db.pl -D "cn=directory manager" -w password -n userRoot -i people.ldif

1.3.4 Binary Restore with bak2db bak2db restores a binary backup of an entire directory server instance.

 The bak2db utility cannot be used to restore individual suffix backend databases.

 This is the fastest method of restoring a database but the server must be taken offline before it can be run.

Ex. To backup/restore the directory DATABASE using from db2bak/db2bak
Backup the slapd-syncmaster instance using db2bak

$ /slapd-syncmaster/db2bak

Restore the slap-syncmaster instance bak2db

>> Stop the running directory server instance

$ /slapd-syncmaster/bak2db

1.3.5 Import with ldif2db
• ldif2db overwrites an existing suffix backend database with the contents of an LDIF import file.
• If the contents of the LDIF file include the directory server configuration information stored in o=NetscapeRoot, the script first saves and then merges any existing o=NetscapeRoot configuration information with the o=NetscapeRoot configuration information in the files being imported.
• This method of recovery is extremely flexible and is the preferred method for directory servers to initialize individual suffix backend databases. It requires that the server is offline for the duration of the import, and it cannot be run remotely.

Ex: To back up and restore the directory server

Back up the directory using db2ldif

$ db2ldif -n -a

Restore the directory using ldif2db

>> Stop the running directory server and run ldif2db

$ ldif2db -n -i

1.3.6 Manual Restore
• The offline manual restore simply overwrites the existing database files with those from a binary backup.
• The binary backup could have been made through db2bak or by manually copying the "db" or "db/" directories to a backup directory.
• This method is very straightforward, and it also requires the server to be offline for the duration of the copy.
• The restore can be performed remotely using rcp, scp, ftp, or sftp.


by,
Ashokkumar.

1 comment:

Anonymous said...

Hi Ashok,

I am a new guy to Sun ONE Directory Server, where I am not able to complete the ldif2db command. So can you give me an example for the above command, with a complete command? I tried with
ldif2db.bat -n "userRoot" -i "c:\Test.ldif"
and
ldif2db.bat -n "userRoot" -s "dc=abc,dc=com" -i "c:\Test.ldif"

Please give some inputs for me.

Thanks in advance.
Syed