You archive and restore Open Directory data using the Server app or the command line. To archive or restore a copy of your Open Directory data using the command line, use the slapconfig command. You can archive a copy of the data while the Open Directory master is in service.
The following files are archived:
- The LDAP directory database (includes password data) and configuration files
- Kerberos configuration files
- Keychain data needed by Open Directory
Archives are only used by Open Directory masters. If a replica develops a problem, you can remove it as a replica from the Open Directory master, set up the replica as if it were a new server (with a new host name), then set it up again as a replica of the same master.
Important: Carefully safeguard the archive media that contains a copy of the Open Directory password database, the Kerberos database, and the Kerberos keytab file. The archive contains sensitive information. Your security precautions for the archive media should be as stringent as for the Open Directory master server.
If you enable Time Machine on the server, directory and authentication data is automatically archived.
Archive Open Directory data using the Server app
- In the Open Directory pane, click Servers.
- Choose Archive Open Directory Master from the Action pop-up menu (looks like a gear).
- In the Archive File field, enter or choose the path to the folder where you want the Open Directory data archived.
- Enter a password for the archive, then click Next.
- Confirm your settings, then click Archive.
Archive Open Directory data using the command line
You can archive Open Directory data from the command line.
To archive Open Directory data, open the Terminal app (located in the Other folder in Launchpad), then enter the following command:
$ sudo slapconfig -backupdb /full/path/to/archive
For example, /full/path/to/archive could be /Volumes/Data/myODArchive.
Enter a password to encrypt the disk image. Encrypting the image protects the sensitive data in the Open Directory database.
The archive file will have the file extension “.sparseimage”.
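The following check is an added example, not part of the original documentation. It is a shell function (the name audit_od_archive is hypothetical) that verifies an archive written by slapconfig -backupdb is accessible only to its owner, sits in a folder that group and other users cannot write to, and, on systems where hdiutil is available, is an encrypted disk image.

```shell
#!/bin/sh
# Added example: audit an Open Directory archive before it goes onto backup media.
# Prints one line per finding; returns non-zero if any check fails.
audit_od_archive() {
    archive=$1
    rc=0

    # slapconfig -backupdb writes a file ending in .sparseimage.
    case $archive in
        *.sparseimage) ;;
        *) echo "FAIL: $archive does not end in .sparseimage"; return 1 ;;
    esac
    if [ ! -f "$archive" ]; then
        echo "FAIL: $archive not found"
        return 1
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld -- "$archive" | cut -c5-10)" != "------" ]; then
        echo "FAIL: archive is accessible to group or other (use chmod 600)"
        rc=1
    fi

    # Characters 6 and 9 of the folder's mode are the group/other write bits.
    dir=$(dirname -- "$archive")
    case $(ls -ld -- "$dir" | cut -c1-10) in
        ?????w????|????????w?)
            echo "FAIL: $dir is writable by group or other"; rc=1 ;;
    esac

    # On macOS, confirm a password was actually set when archiving.
    if command -v hdiutil >/dev/null 2>&1; then
        if ! hdiutil isencrypted "$archive" 2>&1 | grep -q 'encrypted: YES'; then
            echo "FAIL: archive is not an encrypted disk image"
            rc=1
        fi
    fi

    if [ "$rc" -eq 0 ]; then echo "OK: $archive"; fi
    return "$rc"
}
```

Run it against the archive path with the extension included, for example audit_od_archive /Volumes/Data/myODArchive.sparseimage.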
Restore Open Directory data using the Server app
- In the Open Directory pane, turn Open Directory on.
- Select “Restore Open Directory domain from an archive,” then click Next.
- In the Archive File field, enter or choose the path to the Open Directory archive file.
- Enter the password for the archive, then click Next.
- Click Restore.
Restore Open Directory data using the command line
You can restore Open Directory data from the command line.
To restore Open Directory data, open the Terminal app (located in the Other folder in Launchpad), then enter the following command:
sudo slapconfig -restoredb /full/path/to/archive.sparseimage
For example, /full/path/to/archive.sparseimage could be /Volumes/Data/myODArchive.sparseimage.
If you entered a password to encrypt the data when you archived it, enter that password when prompted.