On 04/20/2012 05:28 PM, Brian Cook wrote:
My question was more along the lines of object level recovery. If you can keep regular backups of the objects (as LDIF) than you can restore a piece of that LDIF if someone accidentally deletes a large group or something along those lines.

The 389 db2ldif.pl can take LDIF snapshots while the server is running.


On Apr 20, 2012, at 12:23 PM, Dmitri Pal wrote:

On 04/20/2012 11:47 AM, Rich Megginson wrote:
On 04/20/2012 08:46 AM, Brian Cook wrote:

On Apr 16, 2012, at 12:40 PM, Dmitri Pal wrote:

2) What is everyone else doing to prepare IPA for a DR?  I've read
that the best way to do it is to turn off the IPA services on a
replica and then back that replica up.  I also read that this will
miss some important files that only exist on the master.

That is the case when you use selfsigned cert but the preferred and
default configuration is not with the self-signed certs. It was in the
past but not any more. Currently when you install IPA and then replicas there is no difference between master and replicas (if you installed CA on the replica) so picking any one and recycling is possible. You won't
loose anything.

Can 389DS produce a full 'backup' in an LDIF of schema / objects while running?

While running - yes

Here is a document that describes 389 database management:

Schema files can just be copied/tarred from /etc/dirsrv/slapd-*/schema

The real question is - how does this work with IPA?

The problem is that there are config files, certificates in the NSS database that also need to be backed up to be able to restore the system. It is easy to just stand up a new replica instead of the lost one than to collect data and then try to restore.


Freeipa-users mailing list

Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.

Looking to carve out IT costs?

Freeipa-users mailing list

Reply via email to