12.1 Backup and Restore

All system information (system structure, the configuration and deployment method for each Branch Server and Point of Service terminal, image information, and so forth) is stored in an LDAP directory on the Administration Server. This information must be backed up regularly to protect against data loss in case of storage failure and administration errors.

It is recommended that, at a minimum, you do an online logical backup to a local file before any complex reconfiguration of the system.

The following sections discuss methods you can use to back up and restore your Novell Linux Point of Service LDAP directory.

12.1.1 Offline Physical Backup

An offline backup must be executed on the Administration Server and does not put any load on the LDAP server. The drawback is that the LDAP server is not available during the time of the backup.

To perform a physical file backup of the LDAP directory:

  1. Stop the LDAP server using the /usr/sbin/rcldap stop command.

  2. Copy all the files in the /var/lib/ldap/ directory to an archive directory.

  3. After the copy completes, start the LDAP server using the /usr/sbin/rcldap start command.

12.1.2 Offline Logical Backup

To perform a logical backup of the LDAP directory (database dump):

  1. Stop the LDAP server using the /usr/sbin/rcldap stop command.

  2. Run the slapcat > ldap.$(date +'%Y%m%d-%T') command.

    This generates an LDIF file named ldap.datetime where datetime is the current date and time. The output file can be archived, backed up on offline media, and restored with the slapadd command. The LDIF file is a structured ASCII file that can be viewed, for example, with the less command.

  3. After the backup completes, start the LDAP server by using the /usr/sbin/rcldap start command.

12.1.3 Online Backup

An online backup uses the LDAP server to extract all data. This has the advantage that the server is available at all times and the backup can be taken from a remote machine that has an LDAP client.

Run the following command:

ldapsearch -h LDAPServer -x -b baseDN > ldap.$(date +'%Y%m%d-%T')

where

LDAPServer is the LDAP server name or IP address.

baseDN is the base DN (distinguished name) of the LDAP structure (for example, o=mycorp,c=us).

This creates an LDIF file, like the one produced by the slapcat command used for offline backup.

This file must be added to the LDAP server with the ldapadd command. Do not use slapadd with this file.

If access controls are implemented on the LDAP server, an authenticated LDAP bind must be used. In this case, the previous command should be extended with the following arguments:

ldapsearch -x -D adminDN -w adminPassword  

where

adminDN is the DN of the administrator user (for example, cn=admin,o=mycorp,c=us).

adminPassword is this user’s password (for example, secret).
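
The authenticated online backup described above can be wrapped in a small script. The following is an added example, not part of the original documentation: because -w places the password on the command line, it reads the password from a file with the OpenLDAP client option -y, creates the dump readable only by its owner, and checks that the dump contains the base DN entry. The function names, host name, and password-file path are assumptions, and -y and -LLL are OpenLDAP client options that the commands above do not use.

```shell
#!/bin/sh
# Added example (not from the original documentation).
# Host, DNs and the password-file path in the usage line are placeholders.

# Count the entries in an LDIF file; every entry starts with a "dn:" line.
ldif_entry_count() {
    grep -c '^dn:' "$1"
}

# Succeed only if the dump is non-empty and contains the base DN entry itself.
# Assumes the base DN is plain ASCII and short enough not to be line-wrapped.
verify_ldif() {
    file=$1
    base_dn=$2
    [ -s "$file" ] || return 1
    grep -qixF "dn: $base_dn" "$file"
}

# Take an authenticated online backup and print the name of the verified file.
online_backup() {
    host=$1 base_dn=$2 bind_dn=$3 pw_file=$4
    out="ldap.$(date +'%Y%m%d-%T')"
    (
        # The dump can contain password hashes: create it owner-readable only.
        umask 077
        # -y reads the bind password from a file (the whole file content is
        #    used, so write it without a trailing newline) instead of -w.
        # -LLL prints LDIF entries only, without comments or the version line.
        ldapsearch -h "$host" -x -D "$bind_dn" -y "$pw_file" \
            -b "$base_dn" -LLL > "$out"
    ) || return 1
    verify_ldif "$out" "$base_dn" || return 1
    echo "$out"
}

# Usage (placeholder values):
#   online_backup ldap.example.com 'o=mycorp,c=us' 'cn=admin,o=mycorp,c=us' /root/.ldap-pw
```
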

12.1.4 Restore

To restore an offline backup:

  1. Stop the LDAP server using the /usr/sbin/rcldap stop command.

  2. If you did a physical file backup, restore the files in /var/lib/ldap.

    or

    If you did a logical backup, run the slapadd command to restore the logical database dump:

    slapadd -l backupfile
    

    where backupfile is the file created by slapcat.

  3. Start the LDAP server using the /usr/sbin/rcldap start command.

To restore an online backup, the LDAP server must be running. The LDAP server is able to run with an empty database. If the database has been corrupted, the database files in /var/lib/ldap/ must be removed before restoring the online backup.

  1. To restore a backup file taken with ldapsearch, run the following command:

    ldapadd -D adminDN -x -w adminPassword -h LDAPServer -f backupfile