eDirectory Backup / Restore Cheat-Sheet

Here’s a quick cheat-sheet on how to do fast backup of your eDirectory tree from an OES Linux server.  While we’re at it, we’ll do a quick restore of an object.

First, let’s back it up!  Let’s grab the whole tree:

ndsbackup cvf /tmp/ndsbackup-treeRoot.bak [Root]

…note that you will be prompted for the admin user credentials, and by specifying the “[Root]” object, it will grab every single object in the tree and put it in the specified file.

Now, let’s get a little fancier:

ndsbackup cvf /tmp/ndsbackup.`date +%Y%m%d%H%M`.bak -a admin.corp [Root]

…here we are adding a date stamp to the output file, and giving it the admin username.  It will still prompt for the admin password, of course.  There are tricks to handle that, too, but this is good enough to get the point across.

If you want to see what’s in your backup file:

ndsbackup tf /tmp/ndsbackup.201003051421.bak

Make sure to copy that backup file off the server somewhere, somehow.  In reality, you might actually be writing the result directly to an nfs or samba share or something anyway, but the point is to get the data off the box for safety.

So let’s imagine a week goes by, and whoops… you deleted someone accidentally.  Don’t worry!  Because all you have to do to restore that user object is to put the file back on the filesystem where you can reach it, and do something like this…

To restore just that user you deleted:

ndsbackup wxvf /tmp/ndsbackup.201003051421.bak -a admin.corp cn=duser.ou=Users.o=corp

Or, plow in the whole container if you accidentally wiped it all out:

ndsbackup wxvf /tmp/ndsbackup.201003051421.bak -a admin.corp ou=Users.o=corp

…If you wish, you can remove the “w” from the above restore examples if you don’t want to be prompted to confirm for each object.  However, I tend to think the “w” is a good idea…

That’s all for now.  Of course, there are tons more options for ndsbackup if you look in the man page, but I’m not going in to that, because after all, this *is* a cheat sheet…



  1. Tim Patterson

    How would one go about backing up and restoring an entire tree with ndsbackup in order to create a 1:1 testing environment? I have been everywhere on the internet. No luck.

    E-mail me if you figure it out… 😉

  2. Jeremy Pavlov

    @ Tim

    That’s interesting. In such a manual mirroring scenario, there are some objects you will just not want to be replicated.

    Of course, I have no idea what your tree looks like, but if I were you, I might just duplicate certain containment hierarchies, and maybe even script it.

    For instance, if all your users are in an OU=Users (or whatever it is that you want to test against), you’d want to replicate that, but you wouldn’t want to replicate an OU=Servers…

    Good luck!

  3. Uwe Müller

    Cool howto.

    If you want to automate the ndsbackup, simply use the tool ndspassstore coming with package novell-edirectory-passstore. You can use this tool to store admin’s password encrypted on the server (somewhere under /var/opt/novell/).

    To use it type:
    ndsbackup cvf /tmp/ndsbackup.`date +%Y%m%d%H%M`.bak -a admin.corp [Root] -p passstore

    Another advantage is that you don’t see the admin password in the process list (as argument to ndsbackup).

  4. Jeremy Pavlov

    @ Uwe

    Great tip. Thanks for that!

    – Jeremy

Leave a Comment

Your email address will not be published.