17.6 Backing Up and Restoring NICI

Novell International Cryptography Infrastructure (NICI) stores keys and user data in the file system, in system-specific and user-specific directories and files. These directories and files are protected by setting the proper permissions on them using the mechanism provided by the operating system. This is done by the NICI installation program. NICI backup and restore is supported only for a root user, and not for a non-root user.

Uninstalling NICI from the system does not remove the system or user directories and files. Therefore, the only reason to restore these files to a previous state is to recover from a catastrophic system failure or a human error. It is important to understand that overwriting an existing set of NICI user directories and files might break an existing application.

The database key required to open the DIB is wrapped with NICI keys. Therefore, an eDirectory backup that is performed independently of a NICI backup is of no use. The eDirectory backup solution (DSBK and eMBox Backup) has a switch (-e) that enables:

  1. Backing up the NICI keys when an eDirectory backup is run

  2. Restoring the NICI keys when an eDirectory restore is run

For more information on the eDirectory backup solution, refer to Section 17.5, Using DSBK.

17.6.1 Backing Up NICI

A NICI backup can be performed along with a full eDirectory backup and also with an incremental eDirectory backup.

The command to perform a NICI backup is as follows:

dsbk backup -f file_name -l log_file_name -e password

-f and -l are mandatory options that have to be used with the backup command.

-e is the switch to back up NICI files.

file_name specifies the file name and location of the backup file you want the Backup Tool to create.

log_file_name specifies the file name and location of a log file created to record the results of the backup operation.

password specifies the NICI backup password. The password can be specified as clear text. On Linux, passing the password as a file is also supported. This same password has to be specified to restore the NICI files.

NOTE: If a NICI backup password is not specified with the -e switch, the following error messages are displayed:

In DSBK:

Enter password along with the (-e) option!
DSBK error! 4

17.6.2 Restoring NICI

  1. Restore NICI files alone (not DIB).

    dsbk restore -f file_name -l log_file_name -e password

    -f and -l are mandatory options that have to be used with the restore command.

    -e is the switch to restore NICI files.

    file_name specifies the file name and location of the backup file that contains the information to be restored.

    log_file_name specifies the file name and location of a log file created to record the results of the restore operation.

    password specifies the NICI backup password that was used when the NICI files were backed up. If a wrong password is specified when trying to restore the NICI files, an error message is displayed.

  2. Restart the ndsd server.

  3. Restore the DIB.

    dsbk restore -f file_name -l log_file_name -a -r -o

    -f and -l are mandatory options that have to be used with the restore command.

    -a activates DIB after verifying, -r restores DIB set, and -o opens database when finished.

If a NICI backup was performed during both a full backup and an incremental backup, and different NICI backup passwords were used for the two, use the password that was used with the full backup when restoring the NICI files.

NOTE: If a password is not specified with the -e switch, the following error messages are displayed:

In DSBK:

Enter password along with the (-e) option!
DSBK error! 4

If a wrong password is specified during the NICI restore, the following error is displayed:

NICI RESTORE: "NICI Files has not been restored(Check your parameters)" Error!: -32
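
Because the DIB key is wrapped with NICI keys, step 1 should be confirmed before moving on to steps 2 and 3. The following shell functions are an added example, not part of the product documentation: they check captured DSBK output for the two error messages quoted above and decide whether the restore procedure may continue. The function names, return codes, and the idea of capturing the displayed output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. It matches only the error strings quoted in this section;
# how DSBK's displayed output is captured is left to the operator.

# classify_dsbk_output: read captured DSBK output on stdin.
# Returns 0 = neither documented error string seen (not proof of success)
#         2 = -e given without a password ("DSBK error! 4")
#         3 = NICI files not restored, e.g. wrong password ("Error!: -32")
classify_dsbk_output() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -Fq 'NICI Files has not been restored'; then
        return 3
    fi
    if printf '%s\n' "$out" | grep -Fq 'Enter password along with the (-e) option!'; then
        return 2
    fi
    return 0
}

# nici_restore_gate: decide whether to continue past step 1 of the restore.
# Prints the decision and returns the classification code.
nici_restore_gate() {
    rc=0
    classify_dsbk_output || rc=$?
    case $rc in
        0) echo "proceed: restart ndsd, then restore the DIB" ;;
        2) echo "stop: no NICI backup password was supplied with -e" ;;
        3) echo "stop: NICI files not restored; retry with the full-backup password" ;;
    esac
    return "$rc"
}

# Constructed sample: the wrong-password message quoted in this section.
sample='NICI RESTORE: "NICI Files has not been restored(Check your parameters)" Error!: -32'
printf '%s\n' "$sample" | nici_restore_gate || true
```

A return code of 0 means only that neither documented message appeared; the log file named with -l remains the record of the operation.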