IBM Support

Backup and Restore procedures

Product Documentation


Abstract

Backup and Restore procedures for Directory Server with in Security Directory Suite Virtual Appliance.

Content

This document provides detailed procedures required for Backup and Restore of Directory Server (including associated DB2 database backup) with in Security Directory Suite Virtual Appliance.

Important Note: In order to use the procedures listed in this document, SDS VA 8.0.1.2 or higher firmware level is required.

With SDS 8.0.1.2 (or higher firmware level), Backups folder is created under /userdata/directory/CustomOut/ folder, where directory server backup(s) could be taken. You may use this Backups folder or any new subfolder of the same to create a new backup. Also from /userdata/directory/CustomIn folder, a Backups soft link is created to the Backups folder in CustomOut. This helps in restore operations.

Backup & Restore using Server Tools

Offline Backup using Server Tools

This procedure uses "server_tools" command idsdbback, to create a new folder offlinebackup under /userdata/directory/CustomOut/Backups/ folder, and performs an offline backup:
  1. Login to the SDS VA CLI using ssh or putty as admin user.
  2. Stop Directory Server (ibmslapd process):
    sdsva > sds server_tools ibmslapd -I sdsinst1 -k
  3. Run idsdbback command to perform offline backup:
    sdsva > sds server_tools idsdbback -I sdsinst1 -k Backups/offlinebackup -n
    ...
    The file 'idsdbback.tar.gz' can be downloaded and viewed under CustomOut folder in LMI.
    Note: To include backup of already configured changelog database along with main ldap database, add option -l.
  4. Download the backup idsdbback.tar.gz file or individual backup files:
    1. To Download the backup idsdbback.tar.gz file, Login as admin user into SDS VA Web LMI via browser, using address such as:
      https://sds_va_hostname_or_ipaddress
    2. Navigate to "Configure - Directory Suite" -> "Advanced Configuration - Custom File Management".
    3. Select CustomOut folder.
    4. From the main panel, select idsdbback.tar.gz file.
    5. Click on Download button and save.
    6. Alternatively individual backup files can be downloaded from CustomOut -> Backups -> offlinebackup -> BACKUP_FILES.

Online Backup using Server Tools

This procedure uses "server_tools" command idsdbback, to create a new folder onlinebackup under /userdata/directory/CustomOut/Backups/ folder, and performs an online backup:
  1. Login to the SDS VA CLI using ssh or putty as admin user.
  2. Only for the very first time, Stop Directory Server (ibmslapd process), to allow configuration update:
    sdsva > sds server_tools ibmslapd -I sdsinst1 -k
    Note: For all subsequent online backups, skip this step.
  3. Run idsdbback command to perform online backup:
    sdsva > sds server_tools idsdbback -I sdsinst1 -u -k Backups/onlinebackup -n
    ...
    The file 'idsdbback.tar.gz' can be downloaded and viewed under CustomOut folder in LMI.
    Note: To include backup of already configured changelog database along with main ldap database, add option -l.
  4. Download the backup idsdbback.tar.gz file or individual backup files:
    1. To Download the backup idsdbback.tar.gz file, Login as admin user into SDS VA Web LMI via browser, using address such as:
      https://sds_va_hostname_or_ipaddress
    2. Navigate to "Configure - Directory Suite" -> "Advanced Configuration - Custom File Management".
    3. Select CustomOut folder.
    4. From the main panel, select idsdbback.tar.gz file.
    5. Click on Download button and save.
    6. Alternatively individual backup files can be downloaded from CustomOut -> Backups -> offlinebackup -> BACKUP_FILES.

Restore using Server Tools

This procedure uses "server_tools" command idsdbrestore, to perform a restore of either previously taken or uploaded backup from /userdata/directory/CustomIn/Backups/ folder:
  1. Upload the required idsdbback.tar.gz to the SDS VA:
    Note: To perform a restore on the same system where the backup is originally taken and is still available, you don't have to re-upload, just proceed to step 2.
    1. To Upload the backup idsdbback.tar.gz file, Login as admin user into SDS VA Web LMI via browser, using address such as:
      https://sds_va_hostname_or_ipaddress
    2. Navigate to "Configure - Directory Suite" -> "Advanced Configuration - Custom File Management".
    3. Select CustomIn folder.
    4. From the main panel, Click on Upload button.
    5. In the File Upload pop-up panel, browse and select the required idsdbback.tar.gz from local system and click on Save Configuration button to complete the upload.
  2. Login to the SDS VA CLI using ssh or putty as admin user.
  3. Unarchive the idsdbback.tar.gz file using idsunarchive command:
    sdsva > sds client_tools idsunarchive -t tgz -f idsdbback.tar.gz
    Successfully expanded the archive 'idsdbback.tar.gz'. File(s) can be viewed under 'CustomIn' folder in LMI.
  4. Unarchive the idsdbback.tar file using idsunarchive command:
    sdsva > sds client_tools idsunarchive -t tar -f idsdbback.tar
    Successfully expanded the archive 'idsdbback.tar'. File(s) can be viewed under 'CustomIn' folder in LMI.
    Note: If in case, you see an error: "cp: target '/userdata/directory/CustomIn/Backups' is not a directory", ONLY then perform the steps below:
    • Get into the Instance's shell via db2cmd:
      sdsva > tools db2cmd
    • At the db2 prompt enter !bash shell command:
      db2 => !bash
    • cd into CustomIn folder:
      bash-4.1$ cd /userdata/directory/CustomIn/
    • Unarchive the idsdbback.tar file:
      bash-4.1$ tar -xvf idsdbback.tar
      Note: The above command expands the idsdbback.tar into Backups/offlinebackup folder inside CustomIn folder (soft link).
    • Get back into admin shell:
      bash-4.1$ exit
      db2 => quit
  5. Stop Directory Server (ibmslapd process):
    sdsva > sds server_tools ibmslapd -I sdsinst1 -k
  6. Run idsdbrestore command to perform restore:
    sdsva > sds server_tools idsdbrestore -I sdsinst1 -k Backups/onlinebackup -n
    ...
    GLPDBR003I Restored directory server instance 'sdsinst1'.
    Note: To include restore of already configured and backed up changelog database along with main ldap database, add option -l.

Backup & Restore using Web Admin Tool

Offline Backup using Web Admin Tool

This procedure provides Web Admin Tool methods, to create a new folder offlinebackup under /userdata/directory/CustomOut/Backups/ folder, configure offline backup and finally perform an offline backup. "Directory Administration Server (ibmdiradm)" and "Directory Server Web Administration Tool (WAT)" should already be started in order to run this procedure.
  1. Connect to the SDS VA Directory Server Web Admin Tool via browser, using address such as:
    https://sds_va_hostname_or_ipaddress:12101/IDSWebApp
  2. Select LDAP Server Name and Login with User Id: cn=root (Directory Administrator DN) and its password.
  3. From left navigation list, expand Server administration and then click on Manage backup/restore.
  4. From resulting Manage backup/restore panel, click on Configure directory server backup tab.
  5. Under Configure directory server backup section, select/enable the Enable backup of directory server check box.
    Note: Optionally select/enable the Enable backup of changelog check box, if the changelog database is already configured,
  6. Select Offline backup radio button.
  7. In required text box field Backup/Restore location, enter the backup folder path:
    /userdata/directory/CustomOut/Backups/offlinebackup
  8. Click on Apply button at the bottom part of the panel.
  9. In the bottom status panel, following task success message gets displayed:
    The changes were saved. Click Backup or Restore directory tab to perform Backup or Restore operation now.
  10. Click on Perform directory server backup tab.
  11. From Perform directory server backup panel, verify the "Backup type" and "Backup location", and click on Stop server and backup now button.
  12. Observe status and progress:
    • Top directory server status panel displays Red Stop button.
    • "Backup status" text box displays BACKUP IN PROGRESS.
    • In the bottom status panel, following task success message gets displayed:
      The backup request was submitted.
    • Click on the Check progress button to monitor the progress of the request.
    • After successful backup, "Backup status" changes to NOT SCHEDULED, and "Previous successful backup" displays date and time of the backup.
  13. Proceed to start directory server, one option is to click on Grey Play button, after the directory server start in normal mode, this gets turned into Green Play button.
  14. Since the offline backup is configured, steps 10 through 13 could be repeated at any time to perform an offline backup as required.
  15. Download the backup files:
    Method A:
    1. Login to the SDS VA CLI using ssh or putty as admin user.
    2. Get into the Instance's shell via db2cmd:
      sdsva > tools db2cmd
    3. At the db2 prompt enter !bash shell command:
      db2 => !bash
    4. cd into CustomOut/Backups folder:
      bash-4.1$ cd /userdata/directory/CustomOut/Backups/offlinebackup/sdsinst1
    5. Transfer the entire BACKUP_FILES folder using scp:
      bash-4.1$ scp -rp BACKUP_FILES <user>@<remotehost>:<path>
    6. Get back into admin shell:
      bash-4.1$ exit
      db2 => quit

    Method B:
    1. To download individual backup files, Login as admin user into SDS VA Web LMI via browser, using address such as:
      https://sds_va_hostname_or_ipaddress.
    2. Navigate to "Configure - Directory Suite" -> "Advanced Configuration - Custom File Management".
    3. Expand folders: directories -> CustomOut -> Backups -> offlinebackup -> sdsinst1 -> BACKUP_FILES.
    4. From the main panel, select each file, Click on Download button and save.

Online Backup using Web Admin Tool

This procedure provides Web Admin Tool methods, to create a new folder onlinebackup under /userdata/directory/CustomOut/Backups/ folder, configure online backup, a first time backup is performed when directory server (ibmslapd) is not running, and finally a schedule is configured for continuing online backups. "Directory Administration Server (ibmdiradm)" and "Directory Server Web Administration Tool (WAT)" should already be started in order to run this procedure.
  1. Connect to the SDS VA Directory Server Web Admin Tool via browser, using address such as:
    https://sds_va_hostname_or_ipaddress:12101/IDSWebApp
  2. Select LDAP Server Name and Login with User Id: cn=root (Directory Administrator DN) and its password.
  3. From left navigation list, expand Server administration and then click on Manage backup/restore.
  4. From resulting Manage backup/restore panel, click on Configure directory server backup tab.
  5. Under Configure directory server backup section, select/enable the Enable backup of directory server check box.
    Note: Optionally select/enable the Enable backup of changelog check box, if the changelog database is already configured,
  6. Select Online backup radio button.
  7. In required text box field Backup/Restore location, enter the backup folder path:
    /userdata/directory/CustomOut/Backups/onlinebackup
  8. Click on Apply button at the bottom part of the panel.
  9. In the bottom status panel, following task success message gets displayed:
    The changes were saved. Before scheduling an online backup for the first time, an initial offline backup is required. Click Backup tab to perform Backup operation now.
  10. Click on Perform directory server backup tab.
  11. For the first time only:
    1. From Perform directory server backup panel, observe the note:
      Note: Your first online backup must be done while the server is stopped.
    2. From Perform directory server backup panel, verify the "Backup type" and "Backup location".
    3. Click on Stop server and backup now button.
    4. Observe status and progress:
      • Top directory server status panel displays Red Stop button.
      • "Backup status" text box displays BACKUP IN PROGRESS.
      • In the bottom status panel, following task success message gets displayed:
        The backup request was submitted.
      • Click on the Check progress button to monitor the progress of the request.
      • After successful backup, "Backup status" changes to NOT SCHEDULED, and "Previous successful backup" displays date and time of the backup.
    5. Proceed to start directory server, one option is to click on Grey Play button, after the directory server start in normal mode, this gets turned into Green Play button.
  12. For all subsequent runs - the online backup can be performed even when ibmslapd process is running:
    1. From Perform directory server backup panel, verify the "Backup type" and "Backup location".
    2. Click on Backup now button.
    3. Observe status and progress:
      • Top directory server status panel continues to display Green Play button.
      • "Backup status" text box displays BACKUP IN PROGRESS.
      • In the bottom status panel, following task success message gets displayed:
        The backup request was submitted.
      • Click on the Check progress button to monitor the progress of the request.
      • After successful backup, "Backup status" changes to NOT SCHEDULED, and "Previous successful backup" displays date and time of the backup.
  13. Configure online backup schedule:
    Note: After configuring online backup, its very important to configure schedule for continuing online backups. This helps in not only having a latest backup but also keeps the number and size of db2 archived logs under control.
    1. From Manage backup/restore panel, click on Schedule directory server backup tab.
    2. From Schedule directory server backup panel, under Recurring (Once a week or daily) section:
      • Select the check box to enable the day and time fields.
      • From Day drop down list, select either DAILY or a specific DAY of the Week.
      • In Time text box, enter a suitable time for scheduled backup.
        Note: Prefer a low ldap update activity (on Directory Server) time frame for online backup.
      • Click on Apply button at the bottom part of the panel.
      • In the bottom status panel, following task success message gets displayed:
        The changes were saved. Click Backup or Restore directory tab to perform Backup or Restore operation now.
    3. Online backups will be performed automatically as per schedule.
  14. Download the backup files:
    Method A:
    1. Login to the SDS VA CLI using ssh or putty as admin user.
    2. Get into the Instance's shell via db2cmd:
      sdsva > tools db2cmd
    3. At the db2 prompt enter !bash shell command:
      db2 => !bash
    4. cd into CustomOut/Backups folder:
      bash-4.1$ cd /userdata/directory/CustomOut/Backups/onlinebackup/sdsinst1
    5. Transfer the entire BACKUP_FILES folder using scp:
      bash-4.1$ scp -rp BACKUP_FILES <user>@<remotehost>:<path>
    6. Get back into admin shell:
      bash-4.1$ exit
      db2 => quit

    Method B:
    1. To download individual backup files, Login as admin user into SDS VA Web LMI via browser, using address such as:
      https://sds_va_hostname_or_ipaddress.
    2. Navigate to "Configure - Directory Suite" -> "Advanced Configuration - Custom File Management".
    3. Expand folders: directories -> CustomOut -> Backups -> onlinebackup -> sdsinst1 -> BACKUP_FILES.
    4. From the main panel, select each file, Click on Download button and save.

Restore using Web Admin Tool

This procedure provides Web Admin Tool methods, to perform a restore of either previously taken or uploaded backup from /userdata/directory/CustomIn/Backups/ folder:
Note that Backups from CustomIn folder is a soft link to Backups folder in CustomOut folder. "Directory Administration Server (ibmdiradm)" and "Directory Server Web Administration Tool (WAT)" should already be started in order to run this procedure.
  1. In case of a new system, you must first configure a matching backup:
    If your current or source backup image is taken from an offline backup, follow the steps in Backup & Restore using Web Admin Tool -> Offline Backup (Offline Backup using Web Admin Tool) section.
    If your current or source backup image is taken from an online backup, follow the steps in Backup & Restore using Web Admin Tool -> Online Backup (Online Backup using Web Admin Tool) section.
  2. Upload the required backup folder to the SDS VA:
    Note: To perform a restore on the same system where the backup is originally taken and is still available, you don't have to re-upload, just proceed to step 3.
    1. Login to the SDS VA CLI using ssh or putty as admin user.
    2. Get into the Instance's shell via db2cmd:
      sdsva > tools db2cmd
    3. At the db2 prompt enter !bash shell command:
      db2 => !bash
    4. cd into CustomOut/Backups folder:
      bash-4.1$ cd /userdata/directory/CustomOut/Backups/offlinebackup/sdsinst1
      OR
      bash-4.1$ cd /userdata/directory/CustomOut/Backups/onlinebackup/sdsinst1
    5. Download the entire BACKUP_FILES folder using scp:
      bash-4.1$ scp -r <user>@<remotehost>:<path>/BACKUP_FILES .
    6. Get back into admin shell:
      bash-4.1$ exit
      db2 => quit
  3. Connect to the SDS VA Directory Server Web Admin Tool via browser, using address such as:
    https://sds_va_hostname_or_ipaddress:12101/IDSWebApp
  4. Select LDAP Server Name and Login with User Id: cn=root (Directory Administrator DN) and its password.
  5. From left navigation list, expand Server administration and then click on Manage backup/restore.
  6. From resulting Manage backup/restore panel, click on Perform directory server restore tab.
  7. From Perform directory server restore panel, verify the "Restore location".
  8. Click on Stop server and restore now button.
  9. Observe status and progress:
    • Top directory server status panel displays Red Stop button.
    • "Restore status" text box displays RESTORE IN PROGRESS.
    • In the bottom status panel, following task success message gets displayed:
      The restore request was submitted.
    • Click on the Check progress button to monitor the progress of the request.
    • After successful restore, "Restore status" changes to RESTORE COMPLETED <date-time>.
  10. Proceed to start directory server, one option is to click on Grey Play button, after the directory server start in normal mode, this gets turned into Green Play button.

Backup & Restore using Client Tools

Offline Backup using Client Tools

This procedure provides Client Tools methods, to create a new folder offlinebackup under /userdata/directory/CustomOut/Backups/ folder, configure offline backup and finally perform an offline backup. "Directory Administration Server (ibmdiradm)" and "Directory Server Web Administration Tool (WAT)" should already be started in order to run this procedure.
  1. Login to the SDS VA CLI using ssh or putty as admin user.
  2. Find the "Directory Server" and "Directory Administration Server" port numbers:
    sdsva > sds server_tools idsilist -a
    Directory server instance(s):
    --------------------------------------
    Name: sdsinst1
    Version: 8.0.1
    Location: /home/sdsinst1
    Description: IBM Security Directory Suite Instance V8.0.1
    IP Addresses: <sdsva_ipaddress>
    Port: 389
    Secure Port: 636
    Admin Server Port: 3538
    Admin Server Secure Port: 3539
    Type: Directory Server

    Note down the Director Server Instance's "Port" and "Admin Server Port" values, in this case, they are 389 and 3538 respectively.
  3. Using idsldapsearch, verify if the backup is already configured:
    sdsva > sds client_tools idsldapsearch -h <sdsva_hostname_or_ipaddress> -h 389 -D cn=root -w password -s base -b "cn=RDBM Backup, cn=Configuration" objectclass=*
    cn=RDBM Backup, cn=Configuration
    cn=RDBM Backup
    ibm-slapdBackupAt=NONE
    ibm-slapdBackupChangelog=FALSE
    ibm-slapdBackupEnabled=FALSE
    ibm-slapdBackupEvery=NONE
    ibm-slapdBackupLocation=NONE
    ibm-slapdBackupOnline=FALSE
    objectclass=top
    objectclass=ibm-slapdConfigEntry
    objectclass=ibm-slapdBackupConfiguration

    Note: If ibm-slapdBackupEnabled=FALSE is displayed then the backup is not yet enabled.
  4. To configure directory server backup, use the following command along with the given ldif:
    sdsva > sds client_tools idsldapmodify -h <sdsva_hostname_or_ipaddress> -p 389 -D cn=root -w password -i backup.ldif
    Operation 0 modifying entry cn=RDBM Backup, cn=Configuration

    Where backup.ldif (previously created and uploaded to CustomIn folder via Web LMI) contains the following four lines:
    dn: cn=RDBM Backup, cn=Configuration
    ibm-slapdBackupEnabled: TRUE
    ibm-slapdBackupLocation: /userdata/directory/CustomOut/Backups/offlinebackup
    ibm-slapdBackupOnline: FALSE
  5. To notify the admin server about the changes in the server configuration, run the following command against "Admin Server Port" 3538:
    sdsva > sds client_tools idsldapexop -h <sdsva_hostname_or_ipaddress> -p 3538 -D cn=root -w password –op readconfig -scope subtree "cn=RDBM Backup, cn=Configuration"
    Configuration file successfully updated.
  6. Stop the Directory Server before taking offline backup:
    sdsva > sds client_tools idsdirctl -h <sdsva_hostname_or_ipaddress> -p 3538 -D cn=root -w password stop
    Directory server is stopped
  7. To initiate offline backup of a directory server instance, run the following command:
    sdsva > sds client_tools idsldapexop -h <sdsva_hostname_or_ipaddress> -p 3538 -D cn=root -w password -op backuprestore -action backup
    ldapexop: backup submitted
  8. To display backup status, run the following command against "Admin Server Port" 3538:
    sdsva > sds client_tools idsldapsearch -h <sdsva_hostname_or_ipaddress> -p 3538 -D cn=root -w password -s base -b cn=backup,cn=monitor objectclass=*
    CN=BACKUP,CN=MONITOR
    backupenabled=TRUE
    backupchangelog=FALSE
    backuplastdone=2017-07-31-16:54
    backuplocation=/userdata/directory/CustomOut/Backups/offlinebackup
    restorelocation=/userdata/directory/CustomOut/Backups/offlinebackup
    backupnextscheduled=none
    backuponline=FALSE
    backupstatus=NOT SCHEDULED
    restorestatus=NONE IN PROGRESS
    backuponlinedatabaseconfigured=FALSE
    backuponlinechangelogconfigured=FALSE
  9. Observe status and progress:
    • "backupstatus" attribute displays BACKUP IN PROGRESS value.
    • After successful backup, "backupstatus" changes to NOT SCHEDULED, and "backuplastdone" displays date and time of the backup.
  10. Proceed to start directory server, one option is to use the same idsdirctl command:
    sdsva > sds client_tools idsdirctl -h <sdsva_hostname_or_ipaddress> -p 3538 -D cn=root -w password start
    Start operation succeeded
  11. Since the offline backup is configured, steps 6 through 10 could be repeated at any time to perform an offline backup as required.
  12. Download the backup files:
    Method A:
    1. Login to the SDS VA CLI using ssh or putty as admin user.
    2. Get into the Instance's shell via db2cmd:
      sdsva > tools db2cmd
    3. At the db2 prompt enter !bash shell command:
      db2 => !bash
    4. cd into CustomOut/Backups folder:
      bash-4.1$ cd /userdata/directory/CustomOut/Backups/offlinebackup/sdsinst1
    5. Transfer the entire BACKUP_FILES folder using scp:
      bash-4.1$ scp -rp BACKUP_FILES <user>@<remotehost>:<path>
    6. Get back into admin shell:
      bash-4.1$ exit
      db2 => quit

    Method B:
    1. To download individual backup files, Login as admin user into SDS VA Web LMI via browser, using address such as:
      https://sds_va_hostname_or_ipaddress.
    2. Navigate to "Configure - Directory Suite" -> "Advanced Configuration - Custom File Management".
    3. Expand folders: directories -> CustomOut -> Backups -> offlinebackup -> sdsinst1 -> BACKUP_FILES.
    4. From the main panel, select each file, Click on Download button and save.

Online Backup using Client Tools

This procedure provides Client Tools methods, to create a new folder onlinebackup under /userdata/directory/CustomOut/Backups/ folder, configure online backup, perform an online backup and finally schedule daily online backups. "Directory Administration Server (ibmdiradm)" and "Directory Server (ibmslapd)" should already be started in order to run this procedure.
  1. Login to the SDS VA CLI using ssh or putty as admin user.
  2. Find the "Directory Server" and "Directory Administration Server" port numbers:
    sdsva > sds server_tools idsilist -a
    Directory server instance(s):
    --------------------------------------
    Name: sdsinst1
    Version: 8.0.1
    Location: /home/sdsinst1
    Description: IBM Security Directory Suite Instance V8.0.1
    IP Addresses: <sdsva_ipaddress>
    Port: 389
    Secure Port: 636
    Admin Server Port: 3538
    Admin Server Secure Port: 3539
    Type: Directory Server

    Note down the Director Server Instance's "Port" and "Admin Server Port" values, in this case, they are 389 and 3538 respectively.
  3. Using idsldapsearch, verify if the backup is already configured:
    sdsva > sds client_tools idsldapsearch -h <sdsva_hostname_or_ipaddress> -h 389 -D cn=root -w password -s base -b "cn=RDBM Backup, cn=Configuration" objectclass=*
    cn=RDBM Backup, cn=Configuration
    cn=RDBM Backup
    ibm-slapdBackupAt=NONE
    ibm-slapdBackupChangelog=FALSE
    ibm-slapdBackupEnabled=FALSE
    ibm-slapdBackupEvery=NONE
    ibm-slapdBackupLocation=NONE
    ibm-slapdBackupOnline=FALSE
    objectclass=top
    objectclass=ibm-slapdConfigEntry
    objectclass=ibm-slapdBackupConfiguration

    Note: If ibm-slapdBackupEnabled=FALSE is displayed then the backup is not yet enabled.
  4. To configure directory server backup, use the following command along with the given ldif:
    sdsva > sds client_tools idsldapmodify -h <sdsva_hostname_or_ipaddress> -p 389 -D cn=root -w password -i backup.ldif
    Operation 0 modifying entry cn=RDBM Backup, cn=Configuration

    Where backup.ldif (previously created and uploaded to CustomIn folder via Web LMI) contains the following four lines:
    dn: cn=RDBM Backup, cn=Configuration
    ibm-slapdBackupEnabled: TRUE
    ibm-slapdBackupLocation: /userdata/directory/CustomOut/Backups/onlinebackup
    ibm-slapdBackupOnline: TRUE
  5. To notify the admin server about the changes in the server configuration, run the following command against "Admin Server Port" 3538:
    sdsva > sds client_tools idsldapexop -h <sdsva_hostname_or_ipaddress> -p 3538 -D cn=root -w password –op readconfig -scope subtree "cn=RDBM Backup, cn=Configuration"
    Configuration file successfully updated.
  6. Stop the Directory Server before taking any online backup. The first backup after updating the configuration must be done in offline mode when ibmslapd is stopped. All subsequent backups can be one online without stopping ibmslapd process.:
    sdsva > sds client_tools idsdirctl -h <sdsva_hostname_or_ipaddress> -p 3538 -D cn=root -w password stop
    Directory server is stopped
  7. To initiate first time only offline backup of a directory server instance, run the following command:
    sdsva > sds client_tools idsldapexop -h <sdsva_hostname_or_ipaddress> -p 3538 -D cn=root -w password -op backuprestore -action backup
    ldapexop: backup submitted
  8. To display backup status, run the following command against "Admin Server Port" 3538:
    sdsva > sds client_tools idsldapsearch -h <sdsva_hostname_or_ipaddress> -p 3538 -D cn=root -w password -s base -b cn=backup,cn=monitor objectclass=*
    CN=BACKUP,CN=MONITOR
    backupenabled=TRUE
    backupchangelog=FALSE
    backuplastdone=none
    backuplocation=/userdata/directory/CustomOut/Backups/onlinebackup
    restorelocation=none
    backupnextscheduled=none
    backuponline=ONLINE PENDING
    backupstatus=BACKUP IN PROGRESS
    restorestatus=NONE IN PROGRESS
    backuponlinedatabaseconfigured=FALSE
    backuponlinechangelogconfigured=FALSE
  9. Observe status and progress. When the backup is in progress, "backupstatus" attribute displays BACKUP IN PROGRESS value. After successful backup, "backupstatus" changes to NOT SCHEDULED, and "backuplastdone" displays date and time of the backup.
    sdsva > sds client_tools idsldapsearch -h <sdsva_hostname_or_ipaddress> -p 3538 -D cn=root -w password -s base -b cn=backup,cn=monitor objectclass=*
    CN=BACKUP,CN=MONITOR
    backupenabled=TRUE
    backupchangelog=FALSE
    backuplastdone=2017-07-31-17:26
    backuplocation=/userdata/directory/CustomOut/Backups/onlinebackup
    restorelocation=/userdata/directory/CustomOut/Backups/onlinebackup
    backupnextscheduled=none
    backuponline=TRUE
    backupstatus=NOT SCHEDULED
    restorestatus=NONE IN PROGRESS
    backuponlinedatabaseconfigured=TRUE
    backuponlinechangelogconfigured=FALSE
  10. Proceed to start directory server, one option is to use the same idsdirctl command:
    sdsva > sds client_tools idsdirctl -h <sdsva_hostname_or_ipaddress> -p 3538 -D cn=root -w password start
    Start operation succeeded
  11. Since the online backup is configured, steps 7 through 9 could be repeated at any time to perform an online backup as required (even when ibmslapd is still running).
  12. Configure online backup schedule:
    1. To configure directory server backup schedule, use the following command along with the given ldif:
      sdsva > sds client_tools idsldapmodify -h <sdsva_hostname_or_ipaddress> -p 389 -D cn=root -w password -i backup_schedule.ldif
      Operation 0 modifying entry cn=RDBM Backup, cn=Configuration

      Where backup_schedule.ldif (previously created and uploaded to CustomIn folder via Web LMI) contains the following two lines:
      dn: cn=RDBM Backup, cn=Configuration
      ibm-slapdBackupEvery: 7-17:45

      Note: The attribute value syntax for ibm-slapdBackupEvery is given below, where 0=Sunday, ..., 6=Saturday, and 7=Every day. In the case of "7-17:45", an online backup is scheduled for every day at 17:45 system time.
      ibm-slapdBackupEvery: <D-hh:mm>
    2. To notify the admin server about the changes in the server configuration, run the following command against "Admin Server Port" 3538:
      sdsva > sds client_tools idsldapexop -h <sdsva_hostname_or_ipaddress> -p 3538 -D cn=root -w password –op readconfig -scope subtree "cn=RDBM Backup, cn=Configuration"
      Configuration file successfully updated.
    3. Online backups will now be performed automatically as per schedule.
  13. Note: After configuring online backup, its very important to configure schedule for continuing online backups. This helps in not only having a latest backup but also keeps the number and size of db2 archived logs under control.
  14. Download the backup files:
    Method A:
    1. Login to the SDS VA CLI using ssh or putty as admin user.
    2. Get into the Instance's shell via db2cmd:
      sdsva > tools db2cmd
    3. At the db2 prompt enter !bash shell command:
      db2 => !bash
    4. cd into CustomOut/Backups folder:
      bash-4.1$ cd /userdata/directory/CustomOut/Backups/onlinebackup/sdsinst1
    5. Transfer the entire BACKUP_FILES folder using scp:
      bash-4.1$ scp -rp BACKUP_FILES <user>@<remotehost>:<path>
    6. Get back into admin shell:
      bash-4.1$ exit
      db2 => quit

    Method B:
    1. To download individual backup files, Login as admin user into SDS VA Web LMI via browser, using address such as:
      https://sds_va_hostname_or_ipaddress.
    2. Navigate to "Configure - Directory Suite" -> "Advanced Configuration - Custom File Management".
    3. Expand folders: directories -> CustomOut -> Backups -> onlinebackup -> sdsinst1 -> BACKUP_FILES.
    4. From the main panel, select each file, Click on Download button and save.

Restore using Client Tools

This procedure uses Client Tools to perform a restore of a previously taken or uploaded backup from /userdata/directory/CustomIn/Backups/ folder. This procedure requires you to have configured either offline or online backup using the Client Tools before performing the restore.
  1. Upload the required idsdbback.tar.gz to the SDS VA:
    Note: To perform a restore on the same system where the backup is originally taken and is still available, you don't have to re-upload, just proceed to step 2.
    1. To Upload the backup idsdbback.tar.gz file, Login as admin user into SDS VA Web LMI via browser, using address such as:
      https://sds_va_hostname_or_ipaddress
    2. Navigate to "Configure - Directory Suite" -> "Advanced Configuration - Custom File Management".
    3. Select CustomIn folder.
    4. From the main panel, Click on Upload button.
    5. In the File Upload pop-up panel, browse and select the required idsdbback.tar.gz from local system and click on Save Configuration button to complete the upload.
  2. Login to the SDS VA CLI using ssh or putty as admin user.
  3. Unarchive the idsdbback.tar.gz file using idsunarchive command:
    sdsva > sds client_tools idsunarchive -t tgz -f idsdbback.tar.gz
    Successfully expanded the archive 'idsdbback.tar.gz'. File(s) can be viewed under 'CustomIn' folder in LMI.
  4. Unarchive the idsdbback.tar file using idsunarchive command:
    sdsva > sds client_tools idsunarchive -t tar -f idsdbback.tar
    Successfully expanded the archive 'idsdbback.tar'. File(s) can be viewed under 'CustomIn' folder in LMI.
    Note: If in case, you see an error: "cp: target '/userdata/directory/CustomIn/Backups' is not a directory", ONLY then perform the steps below:
    • Get into the Instance's shell via db2cmd:
      sdsva > tools db2cmd
    • At the db2 prompt enter !bash shell command:
      db2 => !bash
    • cd into CustomIn folder:
      bash-4.1$ cd /userdata/directory/CustomIn/
    • Unarchive the idsdbback.tar file:
      bash-4.1$ tar -xvf idsdbback.tar
      Note: The above command expands the idsdbback.tar into Backups/onlinebackup folder inside CustomIn folder (soft link).
    • Get back into admin shell:
      bash-4.1$ exit
      db2 => quit
  5. Stop Directory Server (ibmslapd process):
    sdsva > sds client_tools idsdirctl -h <sdsva_hostname_or_ipaddress> -p 3538 -D cn=root -w password stop
    Directory server is stopped
  6. To initiate restore of a directory server instance, run the following command:
    sdsva > sds client_tools idsldapexop -h <sdsva_hostname_or_ipaddress> -p 3538 -D cn=root -w password -op backuprestore -action restore
    ldapexop: restore submitted
  7. To display restore status, run the following command against "Admin Server Port" 3538 - When the restore is in progress "restorestatus" will show "RESTORE IN PROGRESS":
    sdsva > sds client_tools idsldapsearch -h <sdsva_hostname_or_ipaddress> -p 3538 -D cn=root -w password -s base -b cn=backup,cn=monitor objectclass=*
    CN=BACKUP,CN=MONITOR
    backupenabled=TRUE
    backupchangelog=FALSE
    backuplastdone=2017-07-31-17:45
    backuplocation=/userdata/directory/CustomOut/Backups/onlinebackup
    restorelocation=/userdata/directory/CustomOut/Backups/onlinebackup
    backupnextscheduled=2017-08-01-17:45
    backuponline=TRUE
    backupstatus=SCHEDULED
    restorestatus=RESTORE IN PROGRESS
    backuponlinedatabaseconfigured=TRUE
    backuponlinechangelogconfigured=FALSE
  8. After the completion of the restore:
    sdsva > sds client_tools idsldapsearch -h <sdsva_hostname_or_ipaddress> -p 3538 -D cn=root -w password -s base -b cn=backup,cn=monitor objectclass=*
    CN=BACKUP,CN=MONITOR
    backupenabled=TRUE
    backupchangelog=FALSE
    backuplastdone=2017-07-31-17:45
    backuplocation=/userdata/directory/CustomOut/Backups/onlinebackup
    restorelocation=/userdata/directory/CustomOut/Backups/onlinebackup
    backupnextscheduled=2017-08-01-17:45
    backuponline=TRUE
    backupstatus=SCHEDULED
    restorestatus=RESTORE COMPLETED 2017-07-31-18:32
    backuponlinedatabaseconfigured=TRUE
    backuponlinechangelogconfigured=FALSE
  9. Start Directory Server (ibmslapd process):
    sdsva > sds client_tools idsdirctl -h <sdsva_hostname_or_ipaddress> -p 3538 -D cn=root -w password start
    Start operation succeeded

Original Publication Date

22 March 2017

[{"Product":{"code":"SS3Q78","label":"IBM Security Directory Suite"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"General","Platform":[{"code":"PF004","label":"Appliance"}],"Version":"8.0.1","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
26 February 2024

UID

swg27049560

Page Feedback