You should have a plan for eDirectory disaster recovery.
TEST AND PRACTICE YOUR RESTORE STRATEGY OFTEN
The time to try your recovery strategy is not when there are 100+ people waiting on you and the boss is standing over your shoulder.
Test it and practice it so you are not paranoid when doing the restore under pressure.
Machine Restore
None(?) of Novell's documentation states this outright, but it is implied that the machine eDirectory runs on is expected to be running as it was at the time of failure:
- The directories are the same
- User accounts are the same
- (Windows) Registry entries are the same
- The same versions of the binaries are installed
Read Novell's Documentation
Read and understand the Novell documentation. It is more current than this site.
The DSBK (or EMBox) and NDSBACKUP (or LDIF) tools are made for completely different scenarios. Using them together is the best option for having as many restore options as possible. NDSBACKUP (or LDIF) will never work well when you lose a server, and DSBK (or EMBox) is the wrong option for restoring individual entries.
We recommend using both, each for their own benefits.
Total Loss of Server(s)
A DSBK (or EMBox) backup is the easiest supported way to restore an entire database and get the server up to the time the box crashed, but DSBK (or EMBox) requires some setup of its own ahead of time.
See Novell's Current Documentation for eDirectory. Last known URL: http://www.novell.com/documentation/edir88/edir88/?page=/documentation/edir88/edir88/data/a2n4mb6.html
Loss or Corruption of a few Entries
LDIF
We like LDIF because it is well known and transportable.
However, LDIF will not, by itself, back up passwords. You could use our Dump Edirectory Password Information Tool to put passwords into an LDIF file.
NDSBACKUP also works well and is easier than LDIF for taking a backup, but we think it is a little harder to use when restoring a few entries.
NDSBACKUP does do passwords.
NICI Tree Key Provider
Regardless of your backup methods, you should use NICI Backup Procedures.
- What is the NICI SDI Tree Key Provider and why it matters.
- NICI SDI Tree Key Provider Fault Tolerance
- NICI File Locations
Back Up DIB Directory
We use a one-line command for backing up the DIB, run from an automation script that can be scheduled with cron jobs.
We can completely restore a crashed server or the entire tree from this one file.
The line basically goes like this:
tar cvfz 2010-02-16-testbackup.tgz /etc/opt/novell/eDirectory/conf/nds.conf /etc/opt/novell/eDirectory/conf/ndsimon.conf /etc/opt/novell/eDirectory/conf/ndssnmp/ndssnmp.cfg /etc/opt/novell/eDirectory/conf/ndssnmp/ndstrap.cfg /var/opt/novell/eDirectory/data/dib/_ndsdb.ini /var/opt/novell/eDirectory/data/dib /var/opt/novell/nici
You can view what is in the file with:
tar -tvf 2010-02-16-testbackup.tgz |less
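A cron-friendly version of the one-line backup above, as an added example that is not this site's own script: it writes the dated archive owner-only (it contains the NICI keys), records a SHA-256, and checks that nds.conf, the DIB and the NICI directory are actually inside the archive. The function names, archive suffix and optional ROOT argument are assumptions, and it assumes the DIB is not being written while tar reads it.

```bash
#!/usr/bin/env bash
# Added example, not the site's script. Paths are the ones in the tar command
# above; function names, archive suffix and the ROOT argument are assumptions.

# Relative to ROOT. _ndsdb.ini lives under dib/ and is captured with it.
EDIR_PATHS="etc/opt/novell/eDirectory/conf/nds.conf
etc/opt/novell/eDirectory/conf/ndsimon.conf
etc/opt/novell/eDirectory/conf/ndssnmp/ndssnmp.cfg
etc/opt/novell/eDirectory/conf/ndssnmp/ndstrap.cfg
var/opt/novell/eDirectory/data/dib
var/opt/novell/nici"

# Members a restore cannot do without.
REQUIRED="etc/opt/novell/eDirectory/conf/nds.conf
var/opt/novell/eDirectory/data/dib/
var/opt/novell/nici/"

# backup_edir OUTDIR [ROOT]: write a dated archive plus checksum, print its path.
backup_edir() {
    local outdir=$1 root=${2:-/} name
    name="$(date +%Y-%m-%d)-edir-backup.tgz"
    (
        umask 077   # the archive holds NICI key material: owner-only
        # Word splitting of EDIR_PATHS is intended; tar fails if a path is missing.
        tar -czf "$outdir/$name" -C "$root" $EDIR_PATHS
    ) || return 1
    ( cd "$outdir" && sha256sum "$name" > "$name.sha256" ) || return 1
    printf '%s\n' "$outdir/$name"
}

# verify_backup ARCHIVE: 0 if the checksum matches, the archive reads end to
# end, and every REQUIRED member is present; 1 or 2 otherwise.
verify_backup() {
    local archive=$1 listing member
    ( cd "$(dirname "$archive")" &&
      sha256sum -c --quiet "$(basename "$archive").sha256" ) || return 1
    listing=$(tar -tzf "$archive") || return 1
    for member in $REQUIRED; do
        printf '%s\n' "$listing" | grep -q "^$member" ||
            { echo "missing from archive: $member" >&2; return 2; }
    done
}

# Cron entry point: script.sh --run /path/to/backups
if [ "${1:-}" = "--run" ]; then
    archive=$(backup_edir "$2") && verify_backup "$archive"
fi
```

A non-zero exit from the cron run means the archive should not be trusted for a restore; a passing check only proves the archive is complete and readable, so a practice restore is still needed.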
Passwords
Hopefully your careful attention to detail will allow you to recover passwords.
- DSBK will back up and recover passwords
- LDIF probably will not.
To be extra careful, you might want to use our Dump Edirectory Password Information Tool so you are covered.
Tree Certificate Authority
Private Key: Backing Up The Tree Certificate Authority (TreeCABackup)
Backup Admin Account
If the password is lost or if the Admin account should be deleted or corrupted, recovery of the Admin account would require Novell to call in and set a password or create a new entry.
Often this can cause ongoing operations to be severely impaired.
Please create a second account with all rights to the root of the tree now.
Identity Manager Backup
As code and parameters within IDM do change over time, it is recommended that the following be performed:
- Export all drivers to a "configuration" file.
- Export all the DriverSets to a "configuration" file.
- Export the GCVs for all the DriverSets to an XML file periodically.