PingDirectory

Performing disaster recovery

If data gets compromised across all systems, you must initiate disaster recovery procedures. For example, if an errant application wipes out some data, you can use the following items to rebuild the data set to any point in time or revert specific changes on a live data set:

  • With the default configuration, the server automatically exports all data nightly to the <server-root>/ldif directory using the Export All Non-Administrative Backends recurring task.

    The server maintains up to 7 days of exports, and you should archive these exports on another system. Learn more in LDIF export as a recurring task.

  • The Data Recovery Log records all changes in a reversible format in logs/data-recovery/data-recovery.

  • The bin/extract-data-recovery-log-changes tool provides the ability to redo or undo any changes from the logs/data-recovery/data-recovery logs.

Steps

To restore your systems and perform disaster recovery:

  1. Stop all servers and ensure that no requests attempt to communicate with any server in the topology.

  2. Go to one of the servers and remove it from the topology:

    Example:

    bin/remove-defunct-server --performLocalCleanup

  3. Locate the backup or exported LDIF file that represents the last working copy of the database.

  4. Restore the backup or import the LDIF file on a single server. If importing an LDIF file, use the --excludeReplication option with the bin/import-ldif command.

  5. Start the restored server. The server can now receive client requests.

  6. Clean up replication artifacts from the next server before starting it up:

    Example:

    bin/remove-defunct-server --performLocalCleanup

  7. Start the server in lockdown mode with the following command:

    Example:

    bin/start-server --skipPrime --lockdownMode

  8. Enable replication from the first server to the second server.

    Example:

    bin/dsreplication enable

  9. Initialize the second server from the first with the following command:

    Example:

    bin/dsreplication initialize

  10. Restart the second server or use the bin/leave-lockdown-mode command to exit lockdown mode.

    The second server can now receive client requests.

  11. Repeat steps 6 - 10 for any other servers.