Article

Main Communities Menu

Sök

Shameless Plugs

Most Popular

Last viewed:

User login

article

Reads:

11910

Score:

Comments:

6 Offline Backup of eDirectory 8.8 on Linux

Author Info

20 February 2008 - 10:42am
Submitted by: oasik

Author Blog

Author Profile

Problem

Even if you take regular backups of eDirectory with dsbk, it's always a good idea to have one or more full offline backups. You might need it to restore dsbk backup onto it. Or, if you're feeling more paranoid, you simply don't know when you might need it. Of course, you will need to determine which files and directories needs to be backed up.

Solution

Warning 1: Files/folders might be placed in different locations in your setup. Check and correct these if necessary.

Warning 2: The "p" switch is used in tar commands to have files/folders backed up with permissions. If you're going to restore to another system, the user you use to restore with must have the same UID as the user you ran the tar command before to backup. If you use "root" to backup and restore, it won't be a problem, as both will have UID=0.

Here are the steps:

1. Stop ndsd. You can use "/opt/novell/eDirectory/bin/ndsmanage" to do that.

2. Create a folder. 10012008 is the sample date here.

mkdir /backup/edirfullbackup/Backup10012008
cd Backup10012008

3. Back up NICI. Regarding my tests, if you're running edirectory 8.8, it is a MUST to backup NICI. I was NOT able to get it started until i restored the NICI backup!

The standard NICI file/folder locations are:

/etc/nici.cfg
/etc/opt/novell/nici.cfg
/usr/lib/libccs2.so
/opt/novell/lib/libccs2.so.*
/var/novell/nici
/var/opt/novell/nici

As you may notice, some of these files are just symbolic links, but there's no harm in backing them up, too. At least you'd know which symbolic links to create, without digging into documentation.

So the command would be:

tar cvzfp /backup/edirfullbackup/Backup10012008/edir_nici_10012008.tar.gz 
/etc/nici.cfg /etc/opt/novell/nici.cfg 
/usr/lib/libccs2.so /opt/novell/lib/libccs2.so.* 
/var/novell/nici /var/opt/novell/nici

4. Take an edirectory configuration backup. Note that it's "/etc/opt/novell/eDirectory/conf/nds.conf" by default. In my setup it's "/etc/opt/novell/eDirectory/conf/edir.conf", so i'm backing up this file.

tar cvzfp /backup/edirfullbackup/Backup10012008/conf_backup_10012008.tar.gz /etc/opt/novell/eDirectory/conf/edir.conf

5. Take an ndsd script backup.

tar cvzfp /backup/edirfullbackup/Backup10012008/ndsd_script_backup_10012008.tar.gz /etc/init.d/ndsd

6. Take an edirectory (DIB) folder backup. It's assumed that it's "/shared/edir" - the directory where "nds.01" file resides.

tar cvzfp /backup/edirfullbackup/Backup10012008/edir_w_permissions.tar.gz /shared/edir/

7. Start edirectory. Again, you can use "/opt/novell/eDirectory/bin/ndsmanage".

Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.

User Comments

Does it work for 8.7.3 ?

Submitted by doctorhung on 6 March 2008 - 7:30am.

Would we use the same procedure to backup 8.7.3 for OES/Linux ?

Be the first to comment! To leave a comment you need to Login or Register

RE:Does it work for 8.7.3 ?

Submitted by oasik on 9 April 2008 - 1:38pm.

As far as i know, yes. NICI locations are the same, just replace target locations above with your folder locations. Stop start commands also differ since ndsmanage does not exist on 8.7.3

Be the first to comment! To leave a comment you need to Login or Register

Configuration backup

Submitted by cperilli on 30 April 2008 - 7:46am.

Thanks, great info. In step 4 isn't the file name nds.conf rather than edir.conf? I don't see edir.conf on any of my 8.8 boxes.

Be the first to comment! To leave a comment you need to Login or Register

RE:Configuration backup

Submitted by oasik on 7 May 2008 - 10:28am.

Yes, it's normally "/etc/opt/novell/eDirectory/conf/nds.conf", but in my setup it's "/etc/opt/novell/eDirectory/conf/edir.conf". I'm adding a comment to the article for this. Thanks.

Be the first to comment! To leave a comment you need to Login or Register

can't get this to work

Submitted by royc on 27 March 2009 - 4:36pm.

I've followed these instructions and the backup part appears to go fine. The restore - not so much.

I've tried to move my production eDirectory onto a VM in a lab for testing. After restoring all the files I get this error in the ndsd.log file:

The local agent could not be opened - failed, CCS_UnwrapKey failed (-6061)

I've read several tids and have even deleted and restored the CA. The VM is configured identical to the production server - same hostname, IP's, modules - and everything else I can think of. I'm able to bring eDirectory up with the -rdb switch, but not without. Any suggestions?

Be the first to comment! To leave a comment you need to Login or Register

RE:can't get this to work

Submitted by oasik on 24 February 2010 - 8:56am.

Hi, here is how i restored onto a vm that isolated from production environment;

. Install SLES10
. set static ip address, netmask, gateway same as PROD.
. change hostname to match original hostname
. route add -net 224.0.0.0 netmask 240.0.0.0 dev eth0
. Add additional ip to eth0 if edirectory has its own dedicated ip
. create edirectory DIB folder same as PROD (/shared/edir/ here)
. copy backed up files to /backup
. Install edir 88 sp1 (same version as PROD)
. add env. variables to /etc/profile
. tar zxvf conf_backup_10012008.tar.gz in /backup
. cp /etc/opt/novell/eDirectory/conf/edir.conf (originally nds.conf) to its original place
. edit /etc/opt/novell/eDirectory/conf/edir.conf to change whatever needs to be changed to match new installation.
. create new edirectory instance, use same configuration values as PROD when running the command.
ndsconfig new [-t treename>] [-n server_context>] [-a admin_FDN>] [-w admin password>] [-i] [-S server_name>] [-d path_for_dib>] [-m module>] [e] [-L ldap_port>] [-l SSL_port>] [-o http_port>] -O https_port>] [-p IP address:[port]>] [-c] [-b port_to_bind>] [-B interface1@port1>, interface2@port2>,..] [-D custom_location>] [--config-file configuration_file>]
sample:
ndsconfig new -t TREE -a cn=admin.ou=services.o=Company -S idmsrv1meta -n ou=services.o=Company -B 10.200.126.150 -P 10.200.126.150 -d /shared/edir/ -D /shared/edir/ -e --config-file /etc/opt/novell/eDirectory/conf/edir.conf
. tar zxvf edir_w_permissions.tar.gz in /backup (DIB files tarball)
. ndsmanage to stop newly installed edirectory instance
. rename DIB folder of newly installed edirectory instance
. copy backed up DIB folder from /backup to its original place
. tar zxvf edir_nici_10012008.tar.gz in /backup
. rename all nici files and folders, cp backed up nici files and folders to their original places
. ndsmanage to start edirectory instance

After edirectory is up, you can continue with dsbk restore, if you have a dsbk backup.

. edirutil -i
. login -s edir IP> -u admin_FDN> -w admin password>
. setmode -a
. I AGREE
. restore -r -a -o -u -n -v -k -f /backup/edir_23-September-2007-12-30.dibback -l /backup/edir_23-September-2007-12-30.log

That's all.

Be the first to comment! To leave a comment you need to Login or Register

Products By Category

Contribute