{"id":12054,"date":"2017-08-10T15:41:42","date_gmt":"2017-08-10T20:41:42","guid":{"rendered":"http:\/\/jianmingli.com\/wp\/?p=12054"},"modified":"2017-08-10T15:41:42","modified_gmt":"2017-08-10T20:41:42","slug":"opendj-3-backup-and-restore","status":"publish","type":"post","link":"https:\/\/jianmingli.com\/wp\/?p=12054","title":{"rendered":"OpenDJ 3: Backup and Restore"},"content":{"rendered":"
\n

Contents<\/h2>\n
    \n\t
  1. \n\t\tOverview<\/a>\n\t<\/li>\n\t
  2. \n\t\tbackup<\/a>\n\t\t
      \n\t\t\t
    1. \n\t\t\t\tExamples<\/a>\n\t\t\t<\/li>\n\t\t<\/ol>\n\t
    2. \n\t\tRestore<\/a>\n\t\t
        \n\t\t\t
      1. \n\t\t\t\tExamples<\/a>\n\t\t\t<\/li>\n\t\t<\/ol>\n\t
      2. \n\t\tHelp Pages<\/a>\n\t\t
          \n\t\t\t
        1. \n\t\t\t\tbackup<\/a>\n\t\t\t<\/li>\n\t\t\t
        2. \n\t\t\t\trestore<\/a>\n\t\t\t<\/li>\n\t\t<\/ol>\n\t
        3. \n\t\tReferences<\/a>\n\t<\/li>\n<\/ol>\n<\/ol>\n<\/div>\n
           <\/div>\n

          Overview<\/h2><\/span>\n

          * Backup and restore can be done in two formats:
          \n– binary
          \n– ldif
          \n* backup command only backs up directory data
          \n* Server configuration backups are stored in config\/archived-configs<\/em> directory
          \n* Backup data can be encrypted.
          \n– Symmetric key, which is stored in server configuration, is used to encrypt data
          \n– Symmetric key is itself encrypted by a server private key, which is also stored in server configuration<\/p>\n

          backup<\/h2><\/span>\n

          Examples<\/h3><\/span>\n

          * Online backup<\/p>\n

          \r\n# Backup all user data on the server\r\nbackup --port 4444 --bindDN \"cn=Directory Manager\" --bindPassword \"Welcome1\" --backupAll --backupDirectory C:\\prog\\opendj3\\bak --start 0\r\n\r\nBackup task 20170810154556423 scheduled to start Aug 10, 2017 3:45:56 PM EDT\r\n\r\n# Backup userRoot data only\r\nbackup --port 4444 --bindDN \"cn=Directory Manager\" --bindPassword \"Welcome1\" --backendID userRoot --backupDirectory C:\\prog\\opendj3\\bak --start 0\r\n\r\nBackup task 20170810154027505 scheduled to start Aug 10, 2017 3:40:27 PM EDT\r\n\r\n<\/pre>\n
          * Offline backup<\/p>\n
          \r\nstop-ds\r\n\r\nbackup --backendId userRoot --backupDirectory C:\\prog\\opendj3\\bak\r\n\r\n[10\/08\/2017:15:02:26 -0400] category=TOOLS seq=0 severity=INFO msg=Starting backup for backend userRoot\r\n[10\/08\/2017:15:02:26 -0400] category=UTIL seq=1 severity=INFO msg=Archived backup file: 00000000.jdb\r\n[10\/08\/2017:15:02:26 -0400] category=TOOLS seq=2 severity=INFO msg=The backup process completed successfully\r\n<\/pre>\n
          Restore<\/h2><\/span>\n
          Examples<\/h3><\/span>\n
          * List backups<\/p>\n
          \r\nrestore --backupDirectory C:\\prog\\opendj3\\bak --listBackups\r\nBackup ID:          20170810190222Z\r\nBackup Date:        10\/Aug\/2017:15:02:26 -0400\r\nIs Incremental:     false\r\nIs Compressed:      false\r\nIs Encrypted:       false\r\nHas Unsigned Hash:  false\r\nHas Signed Hash:    false\r\nDependent Upon:     none\r\n\r\nBackup ID:          20170810194027Z\r\nBackup Date:        10\/Aug\/2017:15:40:27 -0400\r\nIs Incremental:     false\r\nIs Compressed:      false\r\nIs Encrypted:       false\r\nHas Unsigned Hash:  false\r\nHas Signed Hash:    false\r\nDependent Upon:     none\r\n<\/pre>\n
          * Online restore from a particular backup<\/p>\n
          \r\nrestore --port 4444 --bindDN \"cn=Directory Manager\" --bindPassword Welcome1 --backupDirectory C:\\prog\\opendj3\\bak --backupID 20170810194027Z --start 0\r\n\r\nRestore task 20170810161658314 scheduled to start Aug 10, 2017 4:16:58 PM EDT\r\n<\/pre>\n
          * Offline restore from a particular backup<\/p>\n
          \r\nstop-ds\r\n\r\nrestore --backupDirectory C:\\prog\\opendj3\\bak --backupID 20170810194027Z\r\n\r\nRestore task 20170810161658314 scheduled to start Aug 10, 2017 4:16:58 PM EDT\r\n<\/pre>\n
          Help Pages<\/h2><\/span>\n
          backup<\/h3><\/span>\n
          \r\nbackup --help\r\nC:\\prog\\opendj3\\bat>backup --help\r\nUsage:  backup  {options}\r\n\r\nThis utility can be used to back up one or more Directory Server backends\r\n\r\nCommand options:\r\n\r\n-a, --backUpAll\r\n    Back up all backends in the server\r\n-A, --hash\r\n    Generate a hash of the backup contents\r\n-B, --incrementalBaseID {backupID}\r\n    Backup ID of the source archive for an incremental backup\r\n-c, --compress\r\n    Compress the backup contents\r\n-d, --backupDirectory {backupDir}\r\n    Path to the target directory for the backup file(s)\r\n-i, --incremental\r\n    Perform an incremental backup rather than a full backup\r\n-I, --backupID {backupID}\r\n    Use the provided identifier for the backup\r\n-n, --backendID {backendName}\r\n    Backend ID for the backend to archive\r\n-s, --signHash\r\n    Sign the hash of the backup contents\r\n-y, --encrypt\r\n    Encrypt the backup contents\r\n\r\nTask Backend Connection Options\r\n\r\n--connectTimeout {timeout}\r\n    Maximum length of time (in milliseconds) that can be taken to establish a\r\n    connection.  Use '0' to specify no time out\r\n    Default value: 30000\r\n-D, --bindDN {bindDN}\r\n    DN to use to bind to the server\r\n    Default value: cn=Directory Manager\r\n-h, --hostname {host}\r\n    The fully-qualified directory server host name that will be used when\r\n    generating self-signed certificates for LDAP SSL\/StartTLS, the\r\n    administration connector, and replication\r\n    Default value: VW1JIALI2\r\n-j, --bindPasswordFile {bindPasswordFile}\r\n    Bind password file\r\n-K, --keyStorePath {keyStorePath}\r\n    Certificate key store path\r\n-N, --certNickname {nickname}\r\n    Nickname of the certificate that the server should use when accepting\r\n    SSL-based connections or performing StartTLS negotiation\r\n-o, --saslOption {name=value}\r\n    SASL bind options\r\n-p, --port {port}\r\n    Directory server administration port number\r\n    Default value: 4444\r\n-P, --trustStorePath {trustStorePath}\r\n    Certificate trust store path\r\n    Default value: C:\\prog\\opendj3\\config\\admin-truststore\r\n-T, --trustStorePassword {trustStorePassword}\r\n    Certificate trust store PIN\r\n-u, --keyStorePasswordFile {keyStorePasswordFile}\r\n    Certificate key store PIN file.  A PIN is required when you specify to use\r\n    an existing certificate as server certificate\r\n-U, --trustStorePasswordFile {path}\r\n    Certificate trust store PIN file\r\n-w, --bindPassword {bindPassword}\r\n    Password to use to bind to the server. Use -w - to ensure that the command\r\n    prompts for the password, rather than entering the password as a command\r\n    argument\r\n-W, --keyStorePassword {keyStorePassword}\r\n    Certificate key store PIN.  A PIN is required when you specify to use an\r\n    existing certificate as server certificate\r\n-X, --trustAll\r\n    Trust all server SSL certificates\r\n\r\nTask Scheduling Options\r\n\r\n--completionNotify {emailAddress}\r\n    Email address of a recipient to be notified when the task completes.  This\r\n    option may be specified more than once\r\n--dependency {taskID}\r\n    ID of a task upon which this task depends.  A task will not start\r\n    execution until all its dependencies have completed execution\r\n--errorNotify {emailAddress}\r\n    Email address of a recipient to be notified if an error occurs when this\r\n    task executes.  This option may be specified more than once\r\n--failedDependencyAction {action}\r\n    Action this task will take should one if its dependent tasks fail.  The\r\n    value must be one of PROCESS,CANCEL,DISABLE.  If not specified defaults to\r\n    CANCEL\r\n--recurringTask {schedulePattern}\r\n    Indicates the task is recurring and will be scheduled according to the\r\n    value argument expressed in crontab(5) compatible time\/date pattern\r\n-t, --start {startTime}\r\n    Indicates the date\/time at which this operation will start when scheduled\r\n    as a server task expressed in YYYYMMDDhhmmssZ format for UTC time or\r\n    YYYYMMDDhhmmss for local time.  A value of '0' will cause the task to be\r\n    scheduled for immediate execution.  When this option is specified the\r\n    operation will be scheduled to start at the specified time after which\r\n    this utility will exit immediately\r\n\r\nUtility input\/output options:\r\n\r\n--noPropertiesFile\r\n    No properties file will be used to get default command line argument values\r\n--propertiesFilePath {propertiesFilePath}\r\n    Path to the file containing default property values used for command line\r\n    arguments\r\n\r\nGeneral options:\r\n\r\n-V, --version\r\n    Display Directory Server version information\r\n-?, -H, --help\r\n    Display this usage information\r\n<\/pre>\n
          restore<\/h3><\/span>\n
          \r\nrestore --help\r\n\r\nUsage:  restore  {options}\r\n\r\nThis utility can be used to restore a backup of a Directory Server backend\r\n\r\nCommand options:\r\n\r\n-d, --backupDirectory {backupDir}\r\n    Path to the directory containing the backup file(s)\r\n-I, --backupID {backupID}\r\n    Backup ID of the backup to restore\r\n-l, --listBackups\r\n    List available backups in the backup directory\r\n-n, --dry-run\r\n    Verify the contents of the backup but do not restore it\r\n\r\nTask Backend Connection Options\r\n\r\n--connectTimeout {timeout}\r\n    Maximum length of time (in milliseconds) that can be taken to establish a\r\n    connection.  Use '0' to specify no time out\r\n    Default value: 30000\r\n-D, --bindDN {bindDN}\r\n    DN to use to bind to the server\r\n    Default value: cn=Directory Manager\r\n-h, --hostname {host}\r\n    The fully-qualified directory server host name that will be used when\r\n    generating self-signed certificates for LDAP SSL\/StartTLS, the\r\n    administration connector, and replication\r\n    Default value: VW1JIALI2\r\n-j, --bindPasswordFile {bindPasswordFile}\r\n    Bind password file\r\n-K, --keyStorePath {keyStorePath}\r\n    Certificate key store path\r\n-N, --certNickname {nickname}\r\n    Nickname of the certificate that the server should use when accepting\r\n    SSL-based connections or performing StartTLS negotiation\r\n-o, --saslOption {name=value}\r\n    SASL bind options\r\n-p, --port {port}\r\n    Directory server administration port number\r\n    Default value: 4444\r\n-P, --trustStorePath {trustStorePath}\r\n    Certificate trust store path\r\n    Default value: C:\\prog\\opendj3\\config\\admin-truststore\r\n-T, --trustStorePassword {trustStorePassword}\r\n    Certificate trust store PIN\r\n-u, --keyStorePasswordFile {keyStorePasswordFile}\r\n    Certificate key store PIN file.  A PIN is required when you specify to use\r\n    an existing certificate as server certificate\r\n-U, --trustStorePasswordFile {path}\r\n    Certificate trust store PIN file\r\n-w, --bindPassword {bindPassword}\r\n    Password to use to bind to the server. Use -w - to ensure that the command\r\n    prompts for the password, rather than entering the password as a command\r\n    argument\r\n-W, --keyStorePassword {keyStorePassword}\r\n    Certificate key store PIN.  A PIN is required when you specify to use an\r\n    existing certificate as server certificate\r\n-X, --trustAll\r\n    Trust all server SSL certificates\r\n\r\nTask Scheduling Options\r\n\r\n--completionNotify {emailAddress}\r\n    Email address of a recipient to be notified when the task completes.  This\r\n    option may be specified more than once\r\n--dependency {taskID}\r\n    ID of a task upon which this task depends.  A task will not start\r\n    execution until all its dependencies have completed execution\r\n--errorNotify {emailAddress}\r\n    Email address of a recipient to be notified if an error occurs when this\r\n    task executes.  This option may be specified more than once\r\n--failedDependencyAction {action}\r\n    Action this task will take should one if its dependent tasks fail.  The\r\n    value must be one of PROCESS,CANCEL,DISABLE.  If not specified defaults to\r\n    CANCEL\r\n--recurringTask {schedulePattern}\r\n    Indicates the task is recurring and will be scheduled according to the\r\n    value argument expressed in crontab(5) compatible time\/date pattern\r\n-t, --start {startTime}\r\n    Indicates the date\/time at which this operation will start when scheduled\r\n    as a server task expressed in YYYYMMDDhhmmssZ format for UTC time or\r\n    YYYYMMDDhhmmss for local time.  A value of '0' will cause the task to be\r\n    scheduled for immediate execution.  When this option is specified the\r\n    operation will be scheduled to start at the specified time after which\r\n    this utility will exit immediately\r\n\r\nUtility input\/output options:\r\n\r\n--noPropertiesFile\r\n    No properties file will be used to get default command line argument values\r\n--propertiesFilePath {propertiesFilePath}\r\n    Path to the file containing default property values used for command line\r\n    arguments\r\n\r\nGeneral options:\r\n\r\n-V, --version\r\n    Display Directory Server version information\r\n-?, -H, --help\r\n    Display this usage information\r\n<\/pre>\n
          References<\/h2><\/span>\n
          * OpenDJ Administration Guide Version 3.5<\/p>\n","protected":false},"excerpt":{"rendered":"
          Overview * Backup and restore can be done in two formats: – binary – ldif * backup command only backs up directory data * Server configuration backups are stored in config\/archived-configs directory * Backup data can be encrypted. – Symmetric … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[225],"tags":[158,613,769],"class_list":["post-12054","post","type-post","status-publish","format-standard","hentry","category-opendj","tag-backup","tag-opendj","tag-restore"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p8cRUO-38q","_links":{"self":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/12054","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=12054"}],"version-history":[{"count":2,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/12054\/revisions"}],"predecessor-version":[{"id":12056,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/12054\/revisions\/12056"}],"wp:attachment":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=12054"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=12054"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=12054"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}