There are multiple solutions to back up eDirectory, each with its own pros and cons.

For the purpose of illustration, let’s assume Suse Linux Enterprise Server 10 as the platform.


This is the standalone utility to do backups of eDirectory. It is an object-based backup/restore mechanism. You can back up only selected objects and restore any subset from the backup. When something goes bad and, with say only one object (such as cn=nikanth.ou=blr.o=novell.), you can restore only that object without affecting other objects.


  • Selective backup saves space and time.
  • Selective restore leaves other objects intact.


  • Backing up large number of objects takes time.
  • You may not have backed up the required object!

eDirectory Backup eMTool / dsbk

This is the solution to backup the entire DIB. You can restore the whole server to the previous state. For illustration, let’s use – eMTool backup.


  • It’s a very fast backup, even when there are millions of objects.
  • Restoring the whole DIB is very fast.


You cannot restore only a single object.

In many cases, the administrator cannot predict when there will be a need to restore or which objects should be restored. In such cases, the only option is to back up the entire DIB. But later if you want to restore only selected objects, ndsbackup should be used for backup/restore.

ndsbackup is time consuming on a DIB with large number of objects. Using dsbk/eMTool backup is faster, but it cannot restore only the required objects. It would be great if you could restore objects selectively from a backup of the whole DIB, backed up using eMTool backup/dsbk.

For example, assume you take a backup of a million-object eDirectory tree every week. And one day a need arises to restore only “cn=knikanth.ou=blr.o=novell”. Taking a backup of the million-object tree through ndsbackup would take a lot of time.



Take a backup of the whole dib using eMTool backup/dsbk. Let’s call this backup WEEKLY-BACKUP. The command used to do this would be something like this:

$ edirutil -i
embox> login -s <server_name_or_IP> -p <port_number> -u <username.context> -w <password>
embox> backup -b -f weekly_backup.bak -l weekly_backup.log -u myincludefile.txt -t -w


Later, when cn=knikanth.ou=blr.o=novell alone has to be restored,

1. Again take a backup of the whole DIB. Let’s call this CURRENT-BACKUP:

embox> backup -b -f current_backup.bak -l current_backup.log -u myincludefile.txt -t -w

2. Restore the whole DIB from WEEKLY-BACKUP:

embox> restore -r -a -o -f weekly_backup.bak  -l weekly_backup.log

3. Use ndsbackup to backup only cn=knikanth.ou=blr.o=novell. Let’s call this REQUIRED-BACKUP:

$  ndsbackup cvf required_objects.bak -a  cn=knikanth.ou=blr.o=novell

4. Restore the whole DIB from CURRENT-BACKUP:

embox> restore -r -a -o -f current_backup.bak  -l current_backup.log

5. Restore cn=knikanth.ou=blr.o=novell using ndsbackup from REQUIRED-BACKUP:

$ ndsbackup xvf required_objects.bak -a <admin-User> cn=knikanth.ou=blr.o=novell

Thus, using the combination of two different ways to back up eDirectory, certain needs of backup/restore can be accomplished more efficiently. For more details on using the eMTool backup/dsbk, please refer the eDirectory 8.8 Administration Guide. The man page for ndsbackup provides details about all the options available for ndsbackup.

0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Leave a Reply

No Comments
By: nikanth
Jul 11, 2007
8:05 am
Active Directory Authentication Automation Cloud Computing Cloud Security Configuration Customizing Data Breach DirXML Drivers End User Management Identity Manager Importing-Exporting / ICE/ LDIF Intelligent Workload Management IT Security Knowledge Depot LDAP Monitoring Open Enterprise Server Passwords Reporting Secure Access Supported Troubleshooting Workflow