{"id":2597,"date":"2021-07-01T08:00:54","date_gmt":"2021-07-01T06:00:54","guid":{"rendered":"https:\/\/possiblelossofprecision.net\/?p=2597"},"modified":"2021-11-12T01:07:43","modified_gmt":"2021-11-11T23:07:43","slug":"ldap-server-with-389ds-part-5-backup","status":"publish","type":"post","link":"https:\/\/possiblelossofprecision.net\/?p=2597","title":{"rendered":"LDAP server with 389ds: Part 5 \u2013 Backup"},"content":{"rendered":"

Now that our 389ds instance is fully configured and ready to go, let’s have a look at how to back it up and potentially restore it if a disaster occurs.<\/p>\n

<\/p>\n

6. Creating a backup<\/h2>\n

To create a complete backup that allows us to restore the 389ds instance from scratch we need to take care about two things: Firstly, the directory server database, where all the information that makes up the DIT is stored. And secondly, the configuration directory \/etc\/dirsrv\/slapd-INSTANCENAME\/<\/code> where additional files (such as certificates, keys and the Root Directory Server Agent Service Entry (RootDSE)<\/a> ldif file) are saved.<\/p>\n

The integrated backup mechanism of the 389 Directory Server takes care of the database:<\/p>\n

\r\n# dsconf localhost backup create\r\nThe backup create task has finished successfully\r\n<\/pre>\n
instructs dsconf<\/code> to create a database dump in \/var\/lib\/dirsrv\/slapd-localhost\/bak\/<\/code>.
\nTo create a backup of the configuration directory we can simply tar it up:<\/p>\n
\r\ntar caf config_slapd-localhost_$(date +%Y-%m-%d_%H-%M-%S).tar.gz \/etc\/dirsrv\/slapd-localhost\/\r\n<\/pre>\n
7. Restoring a backup<\/h2>\n
7.1. Creating a 389ds instance from scratch<\/h3>\n
If disaster struck and we have to create a new 389ds instance from scratch we can use an inf answer file<\/em> just like we did in part 1<\/a>:<\/p>\n
\r\n[general]\r\nfull_machine_name = ldap.example.com\r\nstart = False\r\n\r\n[slapd]\r\ninstance_name = localhost\r\nroot_password = mysecret\r\nport = 389\r\nsecure_port = 636\r\nself_sign_cert = False\r\n\r\n[backend-userroot]\r\nsample_entries = yes\r\nsuffix = dc=example,dc=com\r\n<\/pre>\n
The only difference is that we don’t want our instance to immediately start. Instead we’re going to restore the configuration directory and database first. Of course, you could also stop the instance manually after creation:<\/p>\n
\r\ndscreate from-file instance.inf\r\nrm -rf \/etc\/dirsrv\/slapd-localhost\/*\r\ntar xvf config_slapd-localhost_2021-05-14_10-00-00.tar.gz -C \/\r\n<\/pre>\n
This takes care of the configuration directory.
\nThe database can be restored through dsctl<\/code>. <\/p>\n
\r\n# cp -a localhost-2021_05_14_10_00_00 \/var\/lib\/dirsrv\/slapd-localhost\/bak\/\r\n# dsctl localhost bak2db localhost-2021_05_14_10_00_00\r\nbak2db successful\r\n<\/pre>\n
One small caveat: The directory from which the database is restored has to reside<\/strong> in \/var\/lib\/dirsrv\/slapd-INSTANCENAME\/bak\/<\/code>, otherwise dsctl<\/code> will fail with the somewhat unhelpful error message bak2db failed<\/code>.<\/p>\n
We can now start our successfully restored 389ds instance:<\/p>\n
\r\nsystemctl start dirsrv@localhost.service\r\n<\/pre>\n
7.2. Only restoring the database while server is running<\/h3>\n
If you only want to restore the database (maybe because an object in the DIT was accidentally deleted) we don’t have to stop the server:<\/p>\n
\r\ndsconf localhost backup restore localhost-2021_05_14_10_00_00\r\n<\/pre>\n
As before, the directory form which the database is restored has to reside in \/var\/lib\/dirsrv\/slapd-INSTANCENAME\/bak\/<\/code>.<\/p>\n
There’s a lot more information on how to create<\/a> and restore<\/a> backups in the RHDS11 documentation<\/a> but this should cover the basics.<\/p>\n","protected":false},"excerpt":{"rendered":"
Now that our 389ds instance is fully configured and ready to go, let’s have a look at how to back it up and potentially restore it if a disaster occurs.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[84,13,7,83],"class_list":["post-2597","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-389ds","tag-centos","tag-fedora","tag-ldap"],"_links":{"self":[{"href":"https:\/\/possiblelossofprecision.net\/index.php?rest_route=\/wp\/v2\/posts\/2597","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/possiblelossofprecision.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/possiblelossofprecision.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/possiblelossofprecision.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/possiblelossofprecision.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2597"}],"version-history":[{"count":19,"href":"https:\/\/possiblelossofprecision.net\/index.php?rest_route=\/wp\/v2\/posts\/2597\/revisions"}],"predecessor-version":[{"id":2713,"href":"https:\/\/possiblelossofprecision.net\/index.php?rest_route=\/wp\/v2\/posts\/2597\/revisions\/2713"}],"wp:attachment":[{"href":"https:\/\/possiblelossofprecision.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2597"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/possiblelossofprecision.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2597"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/possiblelossofprecision.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2597"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}