20120504 backing up an openam server - plembo/onemoretech GitHub Wiki

title: Backing up an OpenAM server
link: https://onemoretech.wordpress.com/2012/05/04/backing-up-an-openam-server/
author: lembobro
description:
post_id: 2655
created: 2012/05/04 11:50:25
created_gmt: 2012/05/04 15:50:25
comment_status: closed
post_name: backing-up-an-openam-server
status: publish
post_type: post

Backing up an OpenAM server

To back up an OpenAM configuration you should both back up the physical files and export the configuration. It would also be good practice to schedule a regular LDIF dump of the configuration LDAP server tree. Info to follow.

You should come up with file system path standards for your OpenAM and OpenDJ installations that include a standard for the configuration directory other than the default. For example:

/opt/openam/[instance_name]-server

If the name of the server was "testam", this would translate to:

/opt/openam/testam-server

Use tar to back up these files to an appropriate place.

tar -czf /data/backup/testam-server.tgz -C /opt/openam testam-server

Exporting an OpenAM configuration is performed using the ssoadm utility (see my post on OpenAM Tools for where to get this).

ssoadm export-svc-config \
-e XXXXXXXXXXXXXXXXXXXXXXXXXX \
-u amAdmin \
-f $OPENAM_HOME/config/pwd.txt \
-o /data/backup/openam/server-node1-cfg.xml

"-e" is the password encryption key for the subject server. See Keys in OpenAM for where to find it. "-u" is the administrative user, usually amAdmin. "-f" is the full path to the admin user's password file. "$OPENAM_HOME" is an environment variable I set with my own standard "openam.env" file in the application server system user's home directory (in my case "tomcat6"). "-o" is the full path to the export file.

When backing up, you should substitute the actual server name for "node1" to keep your exports straight (for example, "server-testam-cfg.xml").

Dumping the configuration LDAP server tree would be performed using the ldapsearch command:

ldapsearch -h test.example.com -p 1389 -D "cn=directory manager" \
-w xxxxxxxx -b "dc=opensso,dc=java,dc=net" -s sub \
"(objectclass=*)" >/data/backup/opendj/testam-server.ldif

The ldapsearch command used is what ships with OpenDJ. In my builds I create a ds-app1.env file in the opendj system user's home that can be used to automatically put this in your path when sourced.
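
The file archive and LDIF dump steps above, as an added shell example that is not part of the original post: it keeps the backup files owner-only, reads the directory manager password from a file with OpenDJ's -j (--bindPasswordFile) option instead of -w, and fails if the archive or the dump is unusable. The function names and the password file path are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are assumptions;
# paths and the base DN follow the post's "testam" examples.

# Succeed only if a secret file exists and grants nothing to group/other.
secret_file_ok() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 1
    case "$mode" in
        *00) return 0 ;;   # e.g. 600 or 400
        *)   return 1 ;;   # e.g. 640 or 644
    esac
}

# Archive the configuration directory, then confirm the archive lists cleanly.
# $1 = parent directory, $2 = instance directory name, $3 = output .tgz
backup_config_dir() {
    ( umask 077    # the archive holds sensitive configuration: owner-only
      tar -czf "$3" -C "$1" "$2" && tar -tzf "$3" >/dev/null )
}

# Dump the configuration tree with OpenDJ's ldapsearch. The bind password is
# read from a file (-j) so it never appears in the process list or history.
# $1 = host, $2 = port, $3 = bind password file, $4 = output .ldif
dump_config_ldif() {
    secret_file_ok "$3" || {
        echo "refusing: $3 is missing or accessible to group/other" >&2
        return 2
    }
    ( umask 077
      ldapsearch -h "$1" -p "$2" -D "cn=directory manager" -j "$3" \
          -b "dc=opensso,dc=java,dc=net" -s sub "(objectclass=*)" > "$4"
    ) || return 1
    grep -q '^dn:' "$4"    # a dump with no entries is a failed backup
}

# Typical calls (paths from the post; the password file path is an assumption):
#   backup_config_dir /opt/openam testam-server /data/backup/testam-server.tgz
#   dump_config_ldif test.example.com 1389 "$HOME/.dm-pwd" \
#       /data/backup/opendj/testam-server.ldif
```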

Copyright 2004-2019 Phil Lembo