Red Hat Summit Red Hat SummitApoyoConsolaDesarrolladoresIniciar una pruebaContacto

Este contenido no está disponible en el idioma seleccionado.

6.3. Backing up Directory Server

A backup in Directory Server contains, for example:
  • All database files including the data stored within these databases

    Note

    Directory Server does not support backing up individual databases.
  • The transaction logs
  • The Indices
In contrast to a backup, you can export data as described in Section 6.2, “Exporting Data”. Use the export feature to export specific data, such as a subtree, from a server in the LDAP Data Interchange Format (LDIF) format.

Warning

Do not stop the server during a backup operation.
Directory Server runs the backup task as the dirsrv user. Therefore, the permissions of the destination directory must allow this user to create files.

6.3.1. Backing up All Databases Using the Command Line
Copiar enlace

Directory Server supports backing up the databases while the instance is running or while the instance is offline:

Important

These methods only back up the databases. For details about backing up other important files, such as the configuration, see Section 6.3.3, “Backing up Configuration Files, the Certificate Database, and Custom Schema Files”.

6.3.1.1. Backing up All Databases While the Server is Running
Copiar enlace

Use the dsconf backup create command to automatically create a task that backs up all databases.

Important

Directory Server cleans the changelog when the database is restored from the online backup. Therefore, using online backup requires you to reinitialize the replica after the database restore. To avoid reinitialization, use the offline backup.
For example, to backup all databases, run: 
# dsconf -D "cn=Directory Manager" ldap://server.example.com backup create
The backup create task has finished successfully
Copy to Clipboard Toggle word wrap
By default, dsconf stores the backup in a subdirectory called instance_name-time_stamp in the /var/lib/dirsrv/slapd-instance_name/bak/ directory. To specify a different location, append a directory name to the command.
6.3.1.1.2. Backing up All Databases Using a cn=tasks entry
Copiar enlace
The cn=tasks,cn=config entry in the Directory Server configuration is a container entry for temporary entries the server uses to manage tasks. To initiate a backup operation, create a task in the cn=backup,cn=tasks,cn=config entry.
Using a task entry enables you to backup the databases while the server is running.
A backup task entry requires the following attributes:
  • cn: Sets the unique name of the task.
  • nsDatabaseType: Sets the type of the database to back up. Directory Server supports only the ldbm database value in this attribute.
Backup tasks support additional parameters, for example, to specify a different destination directory as the default, /var/lib/dirsrv/slapd-instance_name/bak/. For a complete list, see the cn=backup section in the Red Hat Directory Server Configuration, Command, and File Reference.
For example, to backup all databases and store the archive in the default backup directory: 
# ldapadd -D "cn=Directory Manager" -W -H ldap://server.example.com -x

dn: cn=example_backup,cn=export,cn=tasks,cn=config
changetype: add
objectclass: extensibleObject
cn: example_backup
nsDatabaseType: ldbm database
Copy to Clipboard Toggle word wrap
If you not specify the nsArchiveDir attribute, the server stores the backup in a subdirectory called instance_name-time_stamp in the /var/lib/dirsrv/slapd-instance_name/bak/ directory.
When the task is completed, the entry is removed from the directory configuration.

6.3.1.2. Backing up All Databases While the Server is Offline
Copiar enlace

If the server is offline when you backup databases, use the dsctl db2bak command:
  1. Stop the instance: 
    # dsctl instance_name stop
    Copy to Clipboard Toggle word wrap
  2. Backup the database: 
    # dsctl instance_name db2bak
db2bak successful
    Copy to Clipboard Toggle word wrap

    Note

    The dsctl db2bak command runs as the backup as the dirsrv user. Therefore, the permissions of the destination directory must allow this user to create files and directories.
    If you not append a destination directory to the command, the server stores the backup in a subdirectory called instance_name-time_stamp in the /var/lib/dirsrv/slapd-instance_name/bak/ directory.
  3. Start the instance: 
    # dsctl instance_name start
    Copy to Clipboard Toggle word wrap

6.3.2. Backup up all Databases Using the Web Console
Copiar enlace

Using the web console, you can perform online backup.

Important

Directory Server cleans the changelog when the database is restored from the online backup. Therefore, using online backup requires you to reinitialize the replica after the database restore. To avoid reinitialization, use the offline backup.
To back up all databases of an instance using the web console:
  1. Open the Directory Server user interface in the web console. See Section 1.4, “Logging Into Directory Server Using the Web Console”.
  2. Select the instance.
  3. Click the Actions button, and select Manage Backup.
  4. Click Create Backup.
  5. Enter a name for the backup, such as a time stamp to indicate the creation date and time of the backup.
  6. Click Create Backup.
The server stores the backup in a subdirectory with the name you entered in the /var/lib/dirsrv/slapd-instance_name/bak/ directory.
The backup mechanism integrated into Directory Server backs up only the databases. However, there are additional files stored in the /etc/dirsrv/slapd-instance_name/ directory which are required to, for example, restore a instance on a different server after a hardware failure.

Note

Backing up the configuration directory is not supported in the web console.

Example 6.2. How to Back up the /etc/dirsrv/slapd-instance_name/ Directory

To back up the content of /etc/dirsrv/slapd-instance_name/, you can copy the directory or store it into an archive file. For example, to store the content of the /etc/dirsrv/slapd-instance_name/ directory in the /root/config_slapd-instance_name_time_stamp.tar.gz file: 
# cd /etc/dirsrv/
# tar -zcvf /root/config_slapd-instance_name_$(date +%Y-%m-%d_%H-%M-%S).tar.gz slapd-instance_name/
Copy to Clipboard Toggle word wrap

Important

During the backup, do not update the certificate database. Otherwise, this database might not be consistent in the backup.
You can configure that members of a group have permissions to back up an instance and perform the backup. This increases the security because you no longer need to set the credentials of cn=Directory Manager in your backup script or cron jobs. Additionally, you can easily grant and revoke the backup permissions by modifying the group.

6.3.4.1. Enabling a Group to Back up Directory Server
Copiar enlace

Use this procedure to add the cn=backup_users,ou=groups,dc=example,dc=com group and enable members of this group to create backup tasks.

Procedure

  1. Create the cn=backup_users,ou=groups,dc=example,dc=com group: 
    # dsidm -D "cn=Directory Manager" ldap://server.example.com -b "dc=example,dc=com" group create --cn backup_users
    Copy to Clipboard Toggle word wrap
  2. Add access control instructions (ACI) that allows members of the cn=backup_users,ou=groups,dc=example,dc=com group to create backup tasks: 
    # ldapadd -D "cn=Directory Manager" -W -H ldap://server.example.com

dn: cn=config
changetype: modify
add: aci
aci: (target = "ldap:///cn=backup,cn=tasks,cn=config")(targetattr="*")
 (version 3.0 ; acl "permission: Allow backup_users
  group to create backup tasks" ; allow (add, read, search) groupdn
  = "ldap:///cn=backup_users,ou=groups,dc=example,dc=com";)
-
add: aci
aci: (target = "ldap:///cn=config")(targetattr = "nsslapd-bakdir || objectClass")
 (version 3.0 ; acl "permission: Allow backup_users group
  to access bakdir attribute" ; allow (read,search) groupdn
  = "ldap:///cn=backup_users,ou=groups,dc=example,dc=com";)
    Copy to Clipboard Toggle word wrap
  3. Create a user:
    1. Create a user account: 
      # dsidm -D "cn=Directory Manager" ldap://server.example.com -b "dc=example,dc=com" user create --uid="example" --cn="example" --uidNumber="1000" --gidNumber="1000" --homeDirectory="/home/example/" --displayName="Example User"
      Copy to Clipboard Toggle word wrap
    2. Set a password on the user account: 
      # dsidm -D "cn=Directory Manager" ldap://server.example.com -b "dc=example,dc=com" account reset_password "uid=example,ou=People,dc=example,dc=com" "password"
      Copy to Clipboard Toggle word wrap
  4. Add the uid=example,ou=People,dc=example,dc=com user to the cn=backup_users,ou=groups,dc=example,dc=com group: 
    # dsidm -D "cn=Directory Manager" ldap://server.example.com -b "dc=example,dc=com" group add_member backup_users uid=example,ou=People,dc=example,dc=com
    Copy to Clipboard Toggle word wrap

Verification

  • Display the ACIs set on the cn=config entry: 
    # ldapsearch -o ldif-wrap=no -LLLx -D "cn=directory manager" -W -H ldap://server.example.com -b cn=config aci=* aci -s base
dn: cn=config
aci: (target = "ldap:///cn=backup,cn=tasks,cn=config")(targetattr="*")(version 3.0 ; acl "permission: Allow backup_users group to create backup tasks" ; allow (add, read, search) groupdn = "ldap:///cn=backup_users,ou=groups,dc=example,dc=com";)
aci: (target = "ldap:///cn=config")(targetattr = "nsslapd-bakdir || objectClass")(version 3.0 ; acl "permission: Allow backup_users group to access bakdir attribute" ; allow (read,search) groupdn = "ldap:///cn=backup_users,ou=groups,dc=example,dc=com";)
...
    Copy to Clipboard Toggle word wrap

6.3.4.2. Performing a Backup as a Regular User
Copiar enlace

You can perform backups as a regular user instead of cn=Directory Manager.

Prerequisites

Procedure

  • Create a backup task using one of the following methods:
    • Using the dsconf backup create command: 
      # dsconf -D uid=example,ou=People,dc=example,dc=com ldap://server.example.com backup create
      Copy to Clipboard Toggle word wrap
    • By manually creating the task: 
      # ldapadd -D uid=example,ou=People,dc=example,dc=com -W -H ldap://server.example.com

dn: cn=backup-2021_07_23_12:55_00,cn=backup,cn=tasks,cn=config
changetype: add
objectClass: extensibleObject
nsarchivedir: /var/lib/dirsrv/slapd-instance_name/bak/backup-2021_07_23_12:55_00
nsdatabasetype: ldbm database
cn: backup-2021_07_23_12:55_00
      Copy to Clipboard Toggle word wrap

Verification

  • Verify that the backup was created: 
    # ls -l /var/lib/dirsrv/slapd-instance_name/bak/
total 0
drwx------. 3 dirsrv dirsrv 108 Jul 23 12:55 backup-2021_07_23_12_55_00
...
    Copy to Clipboard Toggle word wrap
Volver arriba
Red Hat logoGithubredditYoutubeTwitter

Aprender

Pruebe, compre y venda

Comunidades

Acerca de la documentación de Red Hat

Ayudamos a los usuarios de Red Hat a innovar y alcanzar sus objetivos con nuestros productos y servicios con contenido en el que pueden confiar. Explore nuestras recientes actualizaciones.

Hacer que el código abierto sea más inclusivo

Red Hat se compromete a reemplazar el lenguaje problemático en nuestro código, documentación y propiedades web. Para más detalles, consulte el Blog de Red Hat.

Acerca de Red Hat

Ofrecemos soluciones reforzadas que facilitan a las empresas trabajar en plataformas y entornos, desde el centro de datos central hasta el perímetro de la red.

Theme

© 2025 Red Hat