This is one of the most common activity that every IDM assignment might consist of, backing up and restoring LDAP. In this post I would like to provide an insight about backing up and restoring details for Oracle Internet Directory 11g.
Essentially what you need to take backup is :
- Users and group data : Containing under realm say dc=oracle,dc=com
- Schema: object classes and attributes
- LDAP configuration: such as configuration set etc.,
For a small LDAP there are two ways to take backup:
- Stopping all OID processes and taking backup of database schemas ODS, ODSSM (OR)
- Backing up ldap content (both ldap data + schema) into ldif files.
Backing up and restoring production environments is a topic for another day.
Backing up OID environment:
- Shutdown OID process using opmnctl.
- Set ORACLE_HOME env variable.
- Run the command $ORACLE_HOME/ldap/bin/ldifwrite connect=”OIDDB” basedn=”dc=oracle,dc=com” ldiffile=”oid_backup.ldif”
- NOTE: Fetch the OID connection string value from file $AS_INSTANCE/config/tnsnames.ora. Specify the basedn for the data that you want to fetch and this is used for specific naming context backup. If you want to fetch complete OID, specify it as blank say “”.
- Start the OID process using opmnctl.
- Run the command to backup schema $ORACLE_HOME/bin/ldapsearch -h OID_Host -p OID_Port -D cn=orcladmin -w OID_Password -L -b “cn=subschemasubentry” -s base “objectclass=*” > oid_schema.ldif
Restoring OID environment:
OID restoration can happen in the same node or different node.
- Shutdown the target OID node. Copy the oid_backup.ldif and oid_schema.ldif to the location $ORACLE_HOME/ldap/bin.
- Run the command to delete all entries in new OID node $ORACLE_HOME/ldap/bin/bulkdelete connect=”OIDDB” basedn=”"
- Run the command to load the new entries $ORACLE_HOME/ldap/bin/bulkload connect=”OIDDB” generate=”TRUE” load=”TRUE” restore=”TRUE” file=”oid_backup.ldif”
- Run the command to load the schema ./bulkload connect=”OIDDB” generate=true load=true restore=true file=../../bin/oid_schema.ldif
- Start the OID process using opmnctl. Test the OID using ldapbind.
The bulk utilities will write the logs to several files:
$AS_INSTANCE/diagnostics/logs/OID/tools/bulkload.log: This file contains the bulkload command output.
$AS_INSTANCE/diagnostics/logs/OID/tools/duplicateDN.log: This file contains the list of duplicate DNs found while running bulkload command.
$AS_INSTANCE/diagnostics/logs/OID/tools/bulkdelete.log: This file contains the bulkdelete command output.
$AS_INSTANCE/diagnostics/logs/OID/tools/ldifwrite.log: This file contains the bulkwrite command output.
$AS_INSTANCE/OID/load/badentry.ldif: This file contains a list of bad LDIF entries.
Hope this helps. Please write your suggestions/comments.