Backing Up and Restoring Directory Data Manually

If you want to back up just the directory data of an LDAP master instead of cloning the entire drive, back up the domain database, the required configuration files, and the Open Directory Password Server database. Copy all these items in one session, with as little time as possible between each item, so that the data from all three stays as closely in sync as possible.

You can back up LDAP data while the domain is in active use (although to absolutely ensure consistency in your backup, you might want to stop the slapd service first). You cannot do a restore while the domain is in active use, however. You need to perform this process as root because only the root user has full access to the requisite data. To stop the slapd service (and active use of the domain) before proceeding, use the following command:

/System/Library/StartupItems/LDAP/LDAP stop
  1. First, use the Unix slapcat command to create a raw text dump of all directory information (with the exception of data stored by the Open Directory Password Server). You can substitute a filename other than backup and can include a full path to a specific backup location, but you have to keep the .ldif extension:
    slapcat -l backup.ldif
  2. Copy the LDAP configuration files (which are contained in the /etc/openldap directory on the server’s startup volume) and the host configuration file located at /etc/hostconfig.
  3. Copy the /Library/Preferences/DirectoryService folder, which contains information about Open Directory binding for the server (including binding to its own directory). If your server uses SSL support for LDAP, also copy your security certificate and private key files.
  4. Create a directory to store the backup of the Open Directory Password Server database.
  5. Use the mkpassdb command to create a backup of the database in the folder you created for it, as follows:
    mkpassdb -backupdb <path to folder>
  6. Create a directory to store the backup of your Kerberos realm database.
  7. Use the kdb5_util tool to create a backup dump of your Kerberos data in the folder:
    kdb5_util dump > <path to folder>/kbd5dump.bak
  8. To restore LDAP directory domain data, first stop the slapd service, as described earlier. Then, copy the configuration and host configuration files to the appropriate location. Do the same with the security certificate and private key files, if you backed these up as well.
  9. Use the Unix slapadd command to restore the domain data from the raw text dump (if you changed the name from backup, substitute the appropriate name and/or file path):
    slapadd -c -l backup.ldif
  10. Use the mkpassdb command to restore the Open Directory Password Server data:
    mkpassdb -mergedb <path to folder>
  11. Use the kdb5_util tool to restore your Kerberos realm data:
    kdb5_util load <path to folder>/kbd5dump.bak
  12. Restart the server and then start the LDAP service (if it does not restart automatically). You will have stopped the server before attempting the restore process. You can restart the LDAP service by using the following Unix command:
    /System/Library/StartupItems/LDAP/LDAP start
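
The backup half of the procedure (steps 1 through 7) as a single function, added here as an example and not taken from the original article. The layout under the backup directory, the SRC_ROOT variable, and passing certificate and key files as extra arguments are this example's own conventions.

```shell
#!/bin/sh
# Added example: backup steps 1-7 as one function. Run as root on the LDAP master.
# Assumptions (not from the article): the layout under the backup directory,
# the SRC_ROOT override, and passing TLS cert/key paths as extra arguments.

# Usage: od_backup <new-backup-dir> [tls-cert-or-key-file ...]
od_backup() (
    dest=$1
    src=${SRC_ROOT:-}      # empty means the live system; set it to rehearse on a copy
    [ -n "$dest" ] || { echo "usage: od_backup <new-backup-dir> [tls-file ...]" >&2; exit 2; }
    # Refuse to reuse a directory so items from different runs never mix.
    [ ! -e "$dest" ] || { echo "refusing to overwrite $dest" >&2; exit 1; }
    shift

    # The set holds password data, Kerberos keys and TLS private keys:
    # create everything owner-only from the start.
    umask 077
    mkdir -p "$dest/config/tls" "$dest/passwordserver" "$dest/kerberos" || exit 1

    # Step 1: raw LDIF dump of the directory domain.
    slapcat -l "$dest/backup.ldif" || exit 1
    # Steps 2-3: LDAP config, host config, Open Directory binding data.
    cp -Rp "$src/etc/openldap" "$dest/config/openldap" || exit 1
    cp -p "$src/etc/hostconfig" "$dest/config/hostconfig" || exit 1
    cp -Rp "$src/Library/Preferences/DirectoryService" "$dest/config/DirectoryService" || exit 1
    for f in "$@"; do
        cp -p "$f" "$dest/config/tls/" || exit 1
    done
    # Steps 4-5: Open Directory Password Server database.
    mkpassdb -backupdb "$dest/passwordserver" || exit 1
    # Steps 6-7: Kerberos realm database.
    kdb5_util dump > "$dest/kerberos/kbd5dump.bak" || exit 1

    # cp -p kept the source modes, so strip group/other access afterwards.
    chmod -R go-rwx "$dest" || exit 1
    # An empty dump means the tool failed quietly; treat it as a failed backup.
    for f in "$dest/backup.ldif" "$dest/kerberos/kbd5dump.bak"; do
        [ -s "$f" ] || { echo "empty or missing: $f" >&2; exit 1; }
    done
)
```

Call it with a directory that does not exist yet, for example one named after the current date, so each backup set stays self-contained.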