Even if you take regular backups of eDirectory with dsbk, it’s always a good idea to have one or more full offline backups. You might need one as the base onto which you restore a dsbk backup. Or, if you’re feeling more paranoid, you simply don’t know when you might need it. Of course, you will need to determine which files and directories need to be backed up.


Warning 1: Files/folders might be placed in different locations in your setup. Check and correct these if necessary.

Warning 2: The “p” switch is used in the tar commands so that files/folders are backed up with their permissions. If you’re going to restore to another system, the user you restore with must have the same UID as the user who ran the tar command to take the backup. If you use “root” to back up and restore, it won’t be a problem, as both will have UID=0.

Here are the steps:

1. Stop ndsd. You can use “/opt/novell/eDirectory/bin/ndsmanage” to do that.

2. Create a folder. 10012008 is the sample date here.

mkdir -p /backup/edirfullbackup/Backup10012008
cd /backup/edirfullbackup/Backup10012008

3. Back up NICI. Based on my tests, if you’re running eDirectory 8.8, it is a MUST to back up NICI. I was NOT able to get it started until I restored the NICI backup!

The standard NICI file/folder locations are:


As you may notice, some of these files are just symbolic links, but there’s no harm in backing them up, too. At least you’d know which symbolic links to create, without digging into documentation.

So the command would be:

tar cvzfp /backup/edirfullbackup/Backup10012008/edir_nici_10012008.tar.gz \
/etc/nici.cfg /etc/opt/novell/nici.cfg \
/usr/lib/ /opt/novell/lib/* \
/var/novell/nici /var/opt/novell/nici

4. Take an eDirectory configuration backup. Note that it’s “/etc/opt/novell/eDirectory/conf/nds.conf” by default. In my setup it’s “/etc/opt/novell/eDirectory/conf/edir.conf”, so I’m backing up this file.

tar cvzfp /backup/edirfullbackup/Backup10012008/conf_backup_10012008.tar.gz /etc/opt/novell/eDirectory/conf/edir.conf

5. Take an ndsd script backup.

tar cvzfp /backup/edirfullbackup/Backup10012008/ndsd_script_backup_10012008.tar.gz /etc/init.d/ndsd

6. Take an eDirectory (DIB) folder backup. It’s assumed that it’s “/shared/edir”, the directory where the “nds.01” file resides.

tar cvzfp /backup/edirfullbackup/Backup10012008/edir_w_permissions.tar.gz /shared/edir/

7. Start eDirectory. Again, you can use “/opt/novell/eDirectory/bin/ndsmanage”.
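
The archives made in steps 3 to 6 contain the NICI key material and the DIB, so the backup folder deserves tight permissions and an integrity check before it is used for a restore. The helper below is an added example, not part of the original article: the function names and the SHA256SUMS manifest are assumptions, and it goes slightly beyond the steps above by verifying each archive and recording its checksum.

```shell
#!/bin/sh
# Added example, not the article's own commands. Run as root with ndsd stopped.
# Function names and the SHA256SUMS manifest are assumptions of this example.

# backup_component DEST NAME PATH...
# Writes DEST/NAME.tar.gz with permissions preserved (tar "p"), checks that
# the archive lists cleanly, and records its SHA-256 in DEST/SHA256SUMS.
backup_component() (
    dest=$1; name=$2; shift 2
    archive="$dest/$name.tar.gz"
    for p in "$@"; do                 # Warning 1: locations differ per setup
        [ -e "$p" ] || { echo "missing: $p" >&2; exit 1; }
    done
    umask 077                         # archives hold NICI keys and the DIB
    mkdir -p "$dest" || exit 1
    chmod 700 "$dest" || exit 1
    # Refuse to overwrite: a stale manifest line would fail verification.
    [ ! -e "$archive" ] || { echo "exists: $archive" >&2; exit 1; }
    tar czpf "$archive" "$@" || exit 1
    tar tzf "$archive" >/dev/null || exit 1
    cd "$dest" && sha256sum "$name.tar.gz" >> SHA256SUMS
)

# verify_backup DEST: re-check every archive against the recorded checksums,
# for example after copying the backup folder to the restore host.
verify_backup() (
    cd "$1" && sha256sum -c SHA256SUMS >/dev/null
)

# Usage with the article's paths:
#   B=/backup/edirfullbackup/Backup10012008
#   backup_component "$B" conf_backup_10012008 /etc/opt/novell/eDirectory/conf/nds.conf
#   backup_component "$B" edir_w_permissions /shared/edir/
#   verify_backup "$B"
```

Run verify_backup again on the target system before extracting anything; a failed check means the archive changed after it was written.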


Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.


  • doctorhung says:

    Would we use the same procedure to backup 8.7.3 for OES/Linux ?

  • oasik says:

    As far as I know, yes. NICI locations are the same, just replace target locations above with your folder locations. Stop/start commands also differ, since ndsmanage does not exist on 8.7.3.

  • cperilli says:

    Thanks, great info. In step 4 isn’t the file name nds.conf rather than edir.conf? I don’t see edir.conf on any of my 8.8 boxes.

  • oasik says:

    Yes, it’s normally “/etc/opt/novell/eDirectory/conf/nds.conf”, but in my setup it’s “/etc/opt/novell/eDirectory/conf/edir.conf”. I’m adding a comment to the article for this. Thanks.

  • royc says:

    I’ve followed these instructions and the backup part appears to go fine. The restore – not so much.

    I’ve tried to move my production eDirectory onto a VM in a lab for testing. After restoring all the files I get this error in the ndsd.log file:

    The local agent could not be opened – failed, CCS_UnwrapKey failed (-6061)

    I’ve read several tids and have even deleted and restored the CA. The VM is configured identical to the production server – same hostname, IP’s, modules – and everything else I can think of. I’m able to bring eDirectory up with the -rdb switch, but not without. Any suggestions?

  • oasik says:

    Hi, here is how I restored onto a VM that is isolated from the production environment:

    . Install SLES10
    . set static ip address, netmask, gateway same as PROD.
    . change hostname to match original hostname
    . route add -net netmask dev eth0
    . Add additional ip to eth0 if edirectory has its own dedicated ip
    . create edirectory DIB folder same as PROD (/shared/edir/ here)
    . copy backed up files to /backup
    . Install edir 88 sp1 (same version as PROD)
    . add env. variables to /etc/profile
    . tar zxvf conf_backup_10012008.tar.gz in /backup
    . cp /etc/opt/novell/eDirectory/conf/edir.conf (originally nds.conf) to its original place
    . edit /etc/opt/novell/eDirectory/conf/edir.conf to change whatever needs to be changed to match new installation.
    . create new edirectory instance, use same configuration values as PROD when running the command.
    ndsconfig new [-t <treename>] [-n <server_context>] [-a <admin_FDN>] [-w <admin password>] [-i] [-S <server_name>] [-d <path_for_dib>] [-m <module>] [-e] [-L <ldap_port>] [-l <SSL_port>] [-o <http_port>] [-O <https_port>] [-p <IP address:[port]>] [-c] [-b <port_to_bind>] [-B <interface1@port1>, <interface2@port2>,..] [-D <custom_location>] [--config-file <configuration_file>]
    ndsconfig new -t TREE -a cn=admin.ou=services.o=Company -S idmsrv1meta -n ou=services.o=Company -B -P -d /shared/edir/ -D /shared/edir/ -e --config-file /etc/opt/novell/eDirectory/conf/edir.conf
    . tar zxvf edir_w_permissions.tar.gz in /backup (DIB files tarball)
    . ndsmanage to stop newly installed edirectory instance
    . rename DIB folder of newly installed edirectory instance
    . copy backed up DIB folder from /backup to its original place
    . tar zxvf edir_nici_10012008.tar.gz in /backup
    . rename all nici files and folders, cp backed up nici files and folders to their original places
    . ndsmanage to start edirectory instance

    After edirectory is up, you can continue with dsbk restore, if you have a dsbk backup.

    . edirutil -i
    . login -s <edir IP> -u <admin_FDN> -w <admin password>
    . setmode -a
    . I AGREE
    . restore -r -a -o -u -n -v -k -f /backup/edir_23-September-2007-12-30.dibback -l /backup/edir_23-September-2007-12-30.log

    That’s all.

By: oasik
Feb 20, 2008
10:42 am