Offline Backup of eDirectory 8.8 on Linux



By: oasik

February 20, 2008 10:42 am


Problem

Even if you take regular backups of eDirectory with dsbk, it’s always a good idea to have one or more full offline backups. You might need one as a base onto which to restore a dsbk backup. Or, if you’re feeling more paranoid, you simply don’t know when you might need it. Of course, you will need to determine which files and directories need to be backed up.

Solution

Warning 1: Files/folders might be placed in different locations in your setup. Check and correct these if necessary.

Warning 2: The “p” switch is used in the tar commands so that files/folders are backed up with their permissions. If you’re going to restore to another system, the user you restore with must have the same UID as the user who ran the tar command to create the backup. If you use “root” to back up and restore, it won’t be a problem, as both will have UID=0.

Here are the steps:

1. Stop ndsd. You can use “/opt/novell/eDirectory/bin/ndsmanage” to do that.

2. Create a folder. 10012008 is the sample date here.

mkdir -p /backup/edirfullbackup/Backup10012008
cd /backup/edirfullbackup/Backup10012008

3. Back up NICI. Based on my tests, if you’re running eDirectory 8.8, it is a MUST to back up NICI. I was NOT able to get it started until I restored the NICI backup!

The standard NICI file/folder locations are:

/etc/nici.cfg
/etc/opt/novell/nici.cfg
/usr/lib/libccs2.so
/opt/novell/lib/libccs2.so.*
/var/novell/nici
/var/opt/novell/nici

As you may notice, some of these files are just symbolic links, but there’s no harm in backing them up, too. At least you’d know which symbolic links to create, without digging into documentation.

So the command would be:

tar cvzfp /backup/edirfullbackup/Backup10012008/edir_nici_10012008.tar.gz \
  /etc/nici.cfg /etc/opt/novell/nici.cfg \
  /usr/lib/libccs2.so /opt/novell/lib/libccs2.so.* \
  /var/novell/nici /var/opt/novell/nici

4. Take an eDirectory configuration backup. Note that it’s “/etc/opt/novell/eDirectory/conf/nds.conf” by default. In my setup it’s “/etc/opt/novell/eDirectory/conf/edir.conf”, so I’m backing up this file.

tar cvzfp /backup/edirfullbackup/Backup10012008/conf_backup_10012008.tar.gz /etc/opt/novell/eDirectory/conf/edir.conf

5. Take an ndsd script backup.

tar cvzfp /backup/edirfullbackup/Backup10012008/ndsd_script_backup_10012008.tar.gz /etc/init.d/ndsd

6. Take an eDirectory (DIB) folder backup. It’s assumed that it’s “/shared/edir”, the directory where the “nds.01” file resides.

tar cvzfp /backup/edirfullbackup/Backup10012008/edir_w_permissions.tar.gz /shared/edir/

7. Start eDirectory. Again, you can use “/opt/novell/eDirectory/bin/ndsmanage”.
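
An added example, not part of the original article: before the tarballs leave the server, this bash sketch checks that the NICI archive from step 3 really contains every path listed there, then restricts and checksums it, because the NICI directories hold the server's key material. The function names are hypothetical, and the path list assumes the standard locations from step 3.

```bash
#!/bin/bash
# Added example (not from the original article). Function names are hypothetical.
# Paths from step 3; tar stores members without the leading "/".
NICI_REQUIRED="etc/nici.cfg
etc/opt/novell/nici.cfg
usr/lib/libccs2.so
opt/novell/lib/libccs2.so.*
var/novell/nici
var/opt/novell/nici"

# check_nici_archive ARCHIVE
# Exit status: 0 = every required path present, 1 = something missing,
# 2 = archive unreadable (truncated or corrupt gzip/tar).
# The body runs in a subshell so "set -f" and variables do not leak.
check_nici_archive() (
    set -f                      # keep the libccs2.so.* entry as a pattern
    archive=$1
    listing=$(tar tzf "$archive" 2>/dev/null) || { echo "unreadable: $archive"; exit 2; }
    rc=0
    for want in $NICI_REQUIRED; do
        found=no
        while IFS= read -r member; do
            member=${member#./}
            case "$member" in
                $want|$want/*) found=yes; break ;;   # file itself or anything below a directory
            esac
        done <<EOF
$listing
EOF
        [ "$found" = yes ] || { echo "missing: /$want"; rc=1; }
    done
    exit $rc
)

# seal_archive ARCHIVE
# Restrict the tarball to its owner and record a SHA-256 next to it, so a
# later "sha256sum -c" in the same directory detects corruption or tampering.
seal_archive() {
    chmod 600 "$1" || return 1
    ( cd "$(dirname "$1")" && sha256sum "$(basename "$1")" > "$(basename "$1").sha256" )
}

# Usage: ./check_nici.sh /backup/edirfullbackup/Backup10012008/edir_nici_10012008.tar.gz
if [ "$#" -gt 0 ]; then
    check_nici_archive "$1" && seal_archive "$1"
fi
```

Run it while ndsd is still stopped, so a missing path can be fixed by repeating step 3 before eDirectory is started again.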


Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

6 Comments

  1. By:doctorhung

    Would we use the same procedure to back up 8.7.3 for OES/Linux?

  2. By:oasik

    As far as I know, yes. NICI locations are the same; just replace the target locations above with your folder locations. Stop/start commands also differ, since ndsmanage does not exist on 8.7.3.

  3. By:cperilli

    Thanks, great info. In step 4 isn’t the file name nds.conf rather than edir.conf? I don’t see edir.conf on any of my 8.8 boxes.

  4. By:oasik

    Yes, it’s normally “/etc/opt/novell/eDirectory/conf/nds.conf”, but in my setup it’s “/etc/opt/novell/eDirectory/conf/edir.conf”. I’m adding a comment to the article for this. Thanks.

  5. By:royc

    I’ve followed these instructions and the backup part appears to go fine. The restore – not so much.

    I’ve tried to move my production eDirectory onto a VM in a lab for testing. After restoring all the files I get this error in the ndsd.log file:

    The local agent could not be opened – failed, CCS_UnwrapKey failed (-6061)

    I’ve read several tids and have even deleted and restored the CA. The VM is configured identical to the production server – same hostname, IP’s, modules – and everything else I can think of. I’m able to bring eDirectory up with the -rdb switch, but not without. Any suggestions?

  6. By:oasik

    Hi, here is how I restored onto a VM that is isolated from the production environment:

    . Install SLES10
    . set static ip address, netmask, gateway same as PROD.
    . change hostname to match original hostname
    . route add -net 224.0.0.0 netmask 240.0.0.0 dev eth0
    . Add additional ip to eth0 if edirectory has its own dedicated ip
    . create edirectory DIB folder same as PROD (/shared/edir/ here)
    . copy backed up files to /backup
    . Install edir 88 sp1 (same version as PROD)
    . add env. variables to /etc/profile
    . tar zxvf conf_backup_10012008.tar.gz in /backup
    . cp /etc/opt/novell/eDirectory/conf/edir.conf (originally nds.conf) to its original place
    . edit /etc/opt/novell/eDirectory/conf/edir.conf to change whatever needs to be changed to match new installation.
    . create new edirectory instance, use same configuration values as PROD when running the command.
    ndsconfig new [-t <treename>] [-n <server_context>] [-a <admin_FDN>] [-w <admin password>] [-i] [-S <server_name>] [-d <path_for_dib>] [-m <module>] [-e] [-L <ldap_port>] [-l <SSL_port>] [-o <http_port>] [-O <https_port>] [-p <IP address:[port]>] [-c] [-b <port_to_bind>] [-B <interface1@port1>, <interface2@port2>,..] [-D <custom_location>] [--config-file <configuration_file>]
    sample:
    ndsconfig new -t TREE -a cn=admin.ou=services.o=Company -S idmsrv1meta -n ou=services.o=Company -B 10.200.126.150 -P 10.200.126.150 -d /shared/edir/ -D /shared/edir/ -e --config-file /etc/opt/novell/eDirectory/conf/edir.conf
    . tar zxvf edir_w_permissions.tar.gz in /backup (DIB files tarball)
    . ndsmanage to stop newly installed edirectory instance
    . rename DIB folder of newly installed edirectory instance
    . copy backed up DIB folder from /backup to its original place
    . tar zxvf edir_nici_10012008.tar.gz in /backup
    . rename all nici files and folders, cp backed up nici files and folders to their original places
    . ndsmanage to start edirectory instance

    After edirectory is up, you can continue with dsbk restore, if you have a dsbk backup.

    . edirutil -i
    . login -s <edir IP> -u <admin_FDN> -w <admin password>
    . setmode -a
    . I AGREE
    . restore -r -a -o -u -n -v -k -f /backup/edir_23-September-2007-12-30.dibback -l /backup/edir_23-September-2007-12-30.log

    That’s all.
