<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">My question was more along the lines of object level recovery.  If you can keep regular backups of the objects (as LDIF) than you can restore a piece of that LDIF if someone accidentally deletes a large group or something along those lines.<div><br></div><div>-Brian<br><div><br></div><div><br><div><div>On Apr 20, 2012, at 12:23 PM, Dmitri Pal wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">

  
    <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
  
  <div bgcolor="#ffffff" text="#000000">
    On 04/20/2012 11:47 AM, Rich Megginson wrote:
    <blockquote cite="mid:4F918524.3050300@redhat.com" type="cite">
      <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
      On 04/20/2012 08:46 AM, Brian Cook wrote:
      <blockquote cite="mid:C4D72B36-0219-41D1-9FC0-6654D1A1A907@redhat.com" type="cite"><br>
        <div>
          <div>On Apr 16, 2012, at 12:40 PM, Dmitri Pal wrote:</div>
          <br class="Apple-interchange-newline">
          <blockquote type="cite"><span class="Apple-style-span" style="border-collapse: separate; font-family: Helvetica;
              font-style: normal; font-variant: normal; font-weight:
              normal; letter-spacing: normal; line-height: normal;
              orphans: 2; text-indent: 0px; text-transform: none;
              white-space: normal; widows: 2; word-spacing: 0px;
              font-size: medium;">
              <div>
                <blockquote type="cite">2) What is everyone else doing
                  to prepare IPA for a DR?  I've read<br>
                </blockquote>
                <blockquote type="cite">that the best way to do it is to
                  turn off the IPA services on a<br>
                </blockquote>
                <blockquote type="cite">replica and then back that
                  replica up.  I also read that this will<br>
                </blockquote>
                <blockquote type="cite">miss some important files that
                  only exist on the master.<span class="Apple-converted-space"> </span><br>
                </blockquote>
                <br>
                That is the case when you use selfsigned cert but the
                preferred and<br>
                default configuration is not with the self-signed certs.
                It was in the<br>
                past but not any more. Currently when you install IPA
                and then replicas<br>
                there is no difference between master and replicas (if
                you installed CA<br>
                on the replica) so picking any one and recycling is
                possible. You won't<br>
                loose anything.<span class="Apple-converted-space"> </span></div>
            </span></blockquote>
        </div>
        <br>
        <div>Can 389DS produce a full 'backup' in an LDIF of schema /
          objects while running?</div>
      </blockquote>
      <br>
      While running - yes<br>
      <br>
      Here is a document that describes 389 database management:<br>
      <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Populating_Directory_Databases.html">http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Populating_Directory_Databases.html</a><br>
      <br>
      Schema files can just be copied/tarred from
      /etc/dirsrv/slapd-*/schema<br>
      <br>
      The real question is - how does this work with IPA?<br>
      <br>
    </blockquote>
    The problem is that there are config files, certificates in the NSS
    database that also need to be backed up to be able to restore the
    system.<br>
    It is easy to just stand up a new replica  instead of the lost one
    than to collect data and then try to restore.<br>
    <br>
    <br>
    <blockquote cite="mid:4F918524.3050300@redhat.com" type="cite">
      <blockquote cite="mid:C4D72B36-0219-41D1-9FC0-6654D1A1A907@redhat.com" type="cite">
        <div><br>
        </div>
        <div>-Brian</div>
        <br>
        <fieldset class="mimeAttachmentHeader"></fieldset>
        <br>
        <pre wrap="">_______________________________________________
Freeipa-users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
      </blockquote>
      <br>
    </blockquote>
    <br>
    <br>
    <pre class="moz-signature" cols="72">-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
<a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a>


</pre>
  </div>

</blockquote></div><br></div></div></body></html>