This section explains how to perform a binary backup of directory data. In addition to the binary backup procedures in this section, you can make a binary copy to use for initializing a suffix in a replication topology. See Initializing a Replicated Suffix by Using Binary Copy.
A binary data backup saves a copy of your directory data that you can use if the database files later become corrupted or deleted. This operation does not back up configuration data. If you want to back up the whole Directory Server for disaster recovery, see Disaster Recovery.
Never stop the server during a backup operation.
Your backup must be performed more frequently than the purge delay. The purge delay, specified by the nsDS5ReplicaPurgeDelay attribute, is the period of time, in seconds, after which internal purge operations are performed on the change log. The default purge delay is 604800 seconds (1 week). The change log maintains a record of updates, which might or might not have been replicated.
If your backup is performed less frequently than the purge delay, the change log might be cleared before it has been backed up. Changes will therefore be lost if you use the backup to restore data.
All backup procedures described in this section store a copy of the server files on the same host by default. You should then copy and store your backups on a different machine or file system for greater security.
Your Directory Server must be stopped to run the dsadm backup command.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
Back up your directory data.
$ dsadm backup instance-path archive-dir
$ dsadm backup /local/ds /local/tmp/20051205
You can back up directory data while the server is running by using the dsconf backup command. However, if changes are made to the directory data while the backup is running, proper recovery is more difficult. To avoid this problem when using dsconf backup, set replication referrals or make the server read-only.
When restoring a server, the dse.ldif configuration file must contain the same configuration information as when the server was backed up.
$ cp instance-path/config/dse.ldif archive-dir
When you perform the following actions, Directory Server automatically backs up the dse.ldif configuration file in the directory instance-path/config.
When you start Directory Server, a backup of the dse.ldif file is created in a file named dse.ldif.startOK.
When you make modifications to the cn=config branch, the file is first backed up to a file named dse.ldif.bak in the config directory before the server writes the modifications to the dse.ldif file.
This procedure uses the frozen mode feature. Frozen mode enables you to stop database updates on disk so that a file system snapshot can be taken safely. You can use frozen mode as an additional measure for ensuring a robust backup.
Your server must not write user data on the disk while the file system backup is in progress. If you are sure that no updates will occur during a certain time frame, make your backup during this time. If you cannot guarantee that there will be no updates, put your server into frozen mode before making a backup.
A server in frozen mode continues to write to the access and errors logs. In a single-server topology, operations received when frozen mode is on result in an LDAP error being returned. The error message logged is the standard error for the database being offline. In a replicated topology, a referral is returned. For frozen mode to work correctly, no other tasks should be running on the databases.
Note that the databases of a server in frozen mode are more stable than those in read-only mode. Unlike frozen mode, read-only mode permits tasks to be created and configuration entries to be modified. When frozen mode is on, all configured databases are taken offline. Any internal operations in progress are notified of the database going offline. LDAP operations in progress are completed, and the database environment is flushed. Subsequent incoming operations, including searches to user data, are refused until frozen mode is set to off. You can, however, search configuration parameters while frozen mode is on.
You can use DSCC to perform parts of this procedure. For information, see Directory Service Control Center Interface and the DSCC online help. Other parts of the procedure can only be done using the command line.
(Optional) Put your server into frozen mode.
$ dsconf set-server-prop -h host -p port read-write-mode:frozen
Back up your file system, using a tool appropriate to your file system type.
If your server is in frozen mode, make the server read-write again.
$ dsconf set-server-prop -h host -p port read-write-mode:read-write
If your server receives replication updates from another server, replication updates will start as soon as frozen mode is turned off.
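The frozen-mode procedure above, wrapped so that the server is returned to read-write mode even when the snapshot step fails or is interrupted, since a server left frozen refuses incoming operations. This is an added example, not code from the product documentation; the function names, the DS_HOST and DS_PORT variables and their defaults are assumptions, the snapshot command is supplied by the caller, and dsconf is assumed to authenticate without prompting.

```shell
#!/bin/sh
# Added example, not from the product documentation.
# Assumed, site-specific values: DS_HOST, DS_PORT, and the snapshot command
# passed by the caller. dsconf is assumed to authenticate without prompting.
DS_HOST="${DS_HOST:-localhost}"
DS_PORT="${DS_PORT:-389}"

# set_mode frozen | read-write  (the two values used in the procedure above)
set_mode() {
    dsconf set-server-prop -h "$DS_HOST" -p "$DS_PORT" "read-write-mode:$1"
}

# frozen_backup snapshot-command [args...]
# Returns: 2 usage error, 3 could not freeze (no snapshot taken),
#          4 snapshot ran but server is still frozen, else the snapshot's status.
frozen_backup() {
    if [ "$#" -eq 0 ]; then
        echo "usage: frozen_backup snapshot-command [args...]" >&2
        return 2
    fi
    if ! set_mode frozen; then
        echo "could not enter frozen mode; no snapshot taken" >&2
        return 3
    fi
    # If the operator interrupts the snapshot, still thaw the server.
    trap 'set_mode read-write; exit 130' INT TERM
    snap_rc=0
    "$@" || snap_rc=$?
    trap - INT TERM
    # Thaw regardless of the snapshot result, then report the outcome.
    if ! set_mode read-write; then
        echo "server is still frozen; set read-write-mode:read-write by hand" >&2
        return 4
    fi
    [ "$snap_rc" -eq 0 ] || echo "snapshot failed with status $snap_rc" >&2
    return "$snap_rc"
}
```

Source the file and call `frozen_backup` followed by the snapshot tool and arguments appropriate to your file system type; a return status of 4 means the snapshot step ran but the server still needs to be set back to read-write.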