...
If Ubisecure Directory is clustered, you can carry out the backup by stopping one node and making the backup of the stopped Ubisecure Directory instance.
OpenLDAP
Simple LDAP Backup and Restore Procedures
The easiest way to backup OpenLDAP is to stop the service and copy the installation directory to the backup destination. This will copy the internal database including all necessary configurations and files needed in the restore operation.
The backup procedure is as follows:
...
If a restore is needed, the OpenLDAP directory can be copied from the backup destination back to the server and can be used as is.
Export
An alternative way is to export all LDAP entries using the following command:
...
<HOST>is the hostname of the openLDAP, usuallylocalhost<PORT>is the port number where openLDAP is running, usually389<BASEDN>is the base Distinguished Name (DN) of the openLDAP directory<USERDN>is full DN of the user to be used when performing the export<PASSWORD>is the password for the user<LDIF>refers to the name of the backup LDIF file to be created
Import
You can import a previously created export from OpenLDAP by using the ldapmodify command:
...
<HOST>is the hostname of the openLDAP, usuallylocalhost<PORT>is the port number where openLDAP is running, usually389<USERDN>is full DN of the user to be used when performing the export<PASSWORD>is the password for the user<LDIF>refers to the name of the backup LDIF file to be created
Microsoft AD LDS
Microsoft AD LDS can be backed up with the tools provided by the Microsoft Windows 2008 R2 operating system or by exporting the Ubisecure Directory data to an LDIF file, which can be later imported, if necessary.
Export
MaxPageSixe
Microsoft AD LDS has a built-in limitation for the amount of returned objects per query. This limitation is known to cause problems if the amount of objects in Ubisecure Directory exceeds the limit.
...
| Code Block | ||
|---|---|---|
| ||
C:\Program Files\Microsoft ADAM\UbiloginDirectory |
dsdbutil
Microsoft Windows 2008 Server R2 provides the dsdbutil tool, which can also be used to back up the AD LDS. The following example demonstrates how to use the tool.
...
Where <location> is the path to the backup destination, for example, C:\backup\instance1.
Dsdbutil will create a backup of the adamntds.dit file to the given location, which can later be restored by simply replacing the adamntds.dit file in the ADAM installation directory.
Import
- Shut down
UbiloginDirectory - replace the
adamntds.ditfile inC:\Program Files\Microsoft ADAM\UbiloginDirectory\datawith the backup copy - Start
UbiloginDirectory
Restoring Ubisecure Directory Services
If Ubisecure Directory services must be restored, it can be accomplished with the following commands:
Script | Description |
|---|---|
C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\ldap\adam\adaminstall.cmd | Installs the Ubisecure Directory service. |
Microsoft ADAM
See section Microsoft AD LDS.
Backup using REST
Ubisecure CustomerID can export all user and organization related entries in a format that can later be imported with a custom tool called importtool. This is a simple and easy way to backup frequently changing data in Ubisecure Directory. See section MaxPageSixe, if AD LDS or ADAM is used.
...
Where <FILENAME> is the name of file that contains previously exported data.
Disaster Recovery
To fully recover from a disaster scenario, you will need the following backups:
...
- Restore the Ubisecure SSO installation directory
- Restore the Ubisecure CustomerID installation directory
- Install Ubisecure Directory, if necessary
- Setup Ubisecure Directory
- Install the Ubisecure Directory services, if necessary
- Import the Ubisecure Directory data from the backup
- Install the Ubisecure SSO services, if necessary
- Install the Ubisecure SSO services, if necessary
Recommendations for Windows Server 2008 R2 and AD LDS
The recommended backup methods for environment where Windows Server 2008 R2 and AD LDS are used are as follows:
...