Sunday 14 April 2019

How to backup and recover (Export & Import ) Embedded LDAP Server?

  About embedded LDAP server


The default Authentication, Authorization, Role Mapper, and Credential Mapper providers that are installed with WebLogic Server store their data in an LDAP server.
Each WebLogic Server instance contains an embedded LDAP server. The Administration Server contains the master LDAP server which is replicated on all Managed Servers.
If any of your security realms use these installed providers, you should maintain an up-to-date backup of the following directory tree:
domain_name\servers\adminServer\data\ldap

where domain_name is the domain root directory and adminServer is the directory in which the Administration Server stores run time and security data.
Each WebLogic Server instance has an LDAP directory, but you only need to back up the LDAP data on the Administration Server—the master LDAP server replicates the LDAP data from each Managed Server when updates to security data are made. WebLogic security providers cannot modify security data while the domain Administration Server is unavailable.
The LDAP repositories on Managed Servers are replicas and cannot be modified.

The ldap\ldapfiles subdirectory contains the data files for the LDAP server. The files in this directory contain user, group, group membership, policies, and role information. Other subdirectories under the ldap directory contain LDAP server message logs and data about replicated LDAP servers.
Do not update the configuration of a security provider while a backup of LDAP data is in progress. If a change is made—for instance, if an administrator adds a user—while you are backing up the ldap directory tree, the backups in the ldapfiles subdirectory could become inconsistent. If this does occur, consistent, but potentially out-of-date, LDAP backups are available, because once a day, a server suspends write operations and creates its own backup of the LDAP data.
It archives this backup in a ZIP file below the ldap\backup directory and then resumes write operations. This backup is guaranteed to be consistent, but it might not contain the latest security data.



 

SOLUTION

 1. Backup & restore Embedded LDAP

1.1 Back Up LDAP Repository

Configure backups for embedded LDAP servers
To configure the backups of the embedded LDAP server:
1. If you have not already done so, in the Change Center of the Administration Console, click Lock & Edit.
2. Select the Domain you want to configure (for example, base_domain1).
3. Expand Security -> Embedded LDAP.
4. Set the Backup Hour, Backup Minute, and Backup Copies attributes on the Embedded LDAP Server page.
5. Click Save to save your changes.
6. To activate these changes, in the Change Center of the Administration Console, click Activate Changes.
Not all changes take effect immediately—some require a restart.

Once this is configured, the AdminServer zips domain_name/servers/adminServer/data/ldap/ldapfiles into a single ZIP file, EmbeddedLDAPBackup.zip, and stores it in domain_name/servers/adminServer/data/ldap/backup.
This backup task runs at 23:30 every day.
EmbeddedLDAPBackup.zip contains the following files:

EmbeddedLDAP.data
EmbeddedLDAP.delete
EmbeddedLDAP.index
EmbeddedLDAP.lok
EmbeddedLDAP.tran
EmbeddedLDAP.trpos
EmbeddedLDAP.twpos
  

1.2 Restore LDAP Repository


If the embedded LDAP server file becomes corrupt or unusable, the Administration Server will generate a NumberFormatException and fail to start. This situation is rare but can occur if the disk becomes full and causes the embedded LDAP file to enter into an invalid state.
1. Change to the following directory:
cd domain_name/servers/adminServer/data
2. Rename the embedded LDAP server file, as in the following example:
mv ldap ldap.old
Because you rename the file rather than delete it, it remains available to you for analysis and potential data recovery.
NOTE:
You do not need to remove the entire LDAP directory. All that is needed is to update the LDAP files directory with a copy from backup.
Removing the LDAP directory completely should only be used as a last resort.

3. Start the Administration Server.

When the Administration Server starts, a new embedded LDAP server file is created.

4. Restore any data to the new embedded LDAP server that was added since the time the WebLogic domain was created.
      Or
    Shut down the AdminServer and recover from the backup file EmbeddedLDAPBackup.zip in the directory domain_name/servers/adminServer/data/ldap/backup.

unzip EmbeddedLDAPBackup.zip

Copy the backed-up files:

EmbeddedLDAP.data
EmbeddedLDAP.delete
EmbeddedLDAP.index
EmbeddedLDAP.lok
EmbeddedLDAP.tran
EmbeddedLDAP.trpos
EmbeddedLDAP.twpos

to the directory:

domain_name/servers/adminServer/data/ldap/ldapfiles
Then restart AdminServer.
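
A scripted form of the ZIP-based restore above, added here as an example (it is not from the original post or from Oracle): it checks that EmbeddedLDAPBackup.zip passes its CRC test and holds all seven listed files before touching ldapfiles, then renames the current ldapfiles aside instead of deleting it. The function names and the ldapfiles.old.<timestamp> name are assumptions, and the Administration Server must already be shut down.

```python
import shutil
import time
import zipfile
from pathlib import Path

# The seven files the page lists inside EmbeddedLDAPBackup.zip.
EXPECTED = {"EmbeddedLDAP." + ext for ext in
            ("data", "delete", "index", "lok", "tran", "trpos", "twpos")}


def check_backup(zip_path):
    """Return a list of problems with the backup ZIP (empty list = usable)."""
    zip_path = Path(zip_path)
    if not zip_path.is_file():
        return [f"missing archive: {zip_path}"]
    try:
        with zipfile.ZipFile(zip_path) as zf:
            names = zf.namelist()
            bad_crc = zf.testzip()  # first member failing its CRC, or None
    except zipfile.BadZipFile as exc:
        return [f"not a valid ZIP: {exc}"]
    problems = [f"corrupt member: {bad_crc}"] if bad_crc else []
    # Assumption: members may carry a folder prefix, so compare base names.
    present = {Path(n).name for n in names}
    return problems + [f"missing member: {m}" for m in sorted(EXPECTED - present)]


def restore_ldapfiles(data_dir):
    """Restore ldap/ldapfiles from the daily ZIP; run with AdminServer stopped.

    data_dir is domain_name/servers/adminServer/data. Returns the path the
    previous ldapfiles directory was renamed to.
    """
    ldap = Path(data_dir) / "ldap"
    archive = ldap / "backup" / "EmbeddedLDAPBackup.zip"
    problems = check_backup(archive)
    if problems:
        raise ValueError("; ".join(problems))
    live = ldap / "ldapfiles"
    old = ldap / f"ldapfiles.old.{time.strftime('%Y%m%d%H%M%S')}"
    if live.exists():
        live.rename(old)  # rename, not delete: keep the old files for analysis
    live.mkdir()
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            name = Path(info.filename).name  # base name only: no path traversal
            if name in EXPECTED:
                with zf.open(info) as src, open(live / name, "wb") as dst:
                    shutil.copyfileobj(src, dst)
    return old
```

If check_backup reports a problem, restore_ldapfiles raises before anything under ldapfiles is changed.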

2. Import & Export Embedded LDAP


2.1 Export Embedded LDAP

In the Change Center of the Administration Console.
Click on Security Realms -> myrealm
Click on Migration
For example, enter the export directory /tmp/abc, then click Save.
You can then go to the OS terminal and find the following files:

ls -l /tmp/abc

5457  Oct 26 14:14   DefaultAuthenticator.dat
372   Oct 26 14:14   DefaultCredentialMapper.dat
669   Oct 26 14:14   exportIndex.dat
65380 Oct 26 14:14   XACMLAuthorizer.dat
14465 Oct 26 14:14   XACMLRoleMapper.dat
  

2.2 Import Embedded LDAP


Click on Security Realms -> myrealm -> Migration -> Import
Enter the directory that contains the *.dat files.

Then save. The data in the backup files will be imported to the AdminServer.
