My question was more along the lines of object level recovery. If you can keep regular backups of the objects (as LDIF) than you can restore a piece of that LDIF if someone accidentally deletes a large group or something along those lines.
-Brian On Apr 20, 2012, at 12:23 PM, Dmitri Pal wrote: > On 04/20/2012 11:47 AM, Rich Megginson wrote: >> >> On 04/20/2012 08:46 AM, Brian Cook wrote: >>> >>> >>> On Apr 16, 2012, at 12:40 PM, Dmitri Pal wrote: >>> >>>>> 2) What is everyone else doing to prepare IPA for a DR? I've read >>>>> that the best way to do it is to turn off the IPA services on a >>>>> replica and then back that replica up. I also read that this will >>>>> miss some important files that only exist on the master. >>>> >>>> That is the case when you use selfsigned cert but the preferred and >>>> default configuration is not with the self-signed certs. It was in the >>>> past but not any more. Currently when you install IPA and then replicas >>>> there is no difference between master and replicas (if you installed CA >>>> on the replica) so picking any one and recycling is possible. You won't >>>> loose anything. >>> >>> Can 389DS produce a full 'backup' in an LDIF of schema / objects while >>> running? >> >> While running - yes >> >> Here is a document that describes 389 database management: >> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Populating_Directory_Databases.html >> >> Schema files can just be copied/tarred from /etc/dirsrv/slapd-*/schema >> >> The real question is - how does this work with IPA? >> > The problem is that there are config files, certificates in the NSS database > that also need to be backed up to be able to restore the system. > It is easy to just stand up a new replica instead of the lost one than to > collect data and then try to restore. > > >>> >>> -Brian >>> >>> >>> _______________________________________________ >>> Freeipa-users mailing list >>> Freeipa-users@redhat.com >>> https://www.redhat.com/mailman/listinfo/freeipa-users >> > > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager IPA project, > Red Hat Inc. > > > ------------------------------- > Looking to carve out IT costs? > www.redhat.com/carveoutcosts/ > >
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users