Exporting data
The PingDirectory server export-ldif
command line tool exports data from the server backend to an LDIF file for backups, exporting data to other applications, or reinitializing servers in a replicated topology.
The export-ldif
tool supports the --task
argument, which initiates the export process from within the PingDirectory server. When export-ldif
is run as a task, extra information is available:
-
Output from the export process is included in the error log.
-
There is a task entry (accessible below the
cn=tasks
base distinguished name (DN)) with information about the success or failure of the export along with log messages.
An |
The export-ldif
tool exports a point-in-time snapshot of the backend that is guaranteed to provide a consistent state of the database in LDIF. If necessary, you can re-import with import-ldif
. The data exported by export-ldif
can include all or some of the entries (a subset of the entries, or a subset of the attributes within entries, or both) contained in the backend. You accomplish this by specifying branches, filters, and attributes to include or exclude. You can compress, encrypt, or digitally sign the exported LDIF.
You can configure LDIF exports as recurring tasks with |
Performing an export
Export data to an LDIF file.
Steps
-
To export data to an LDIF file, run the
export-ldif
tool.Example:
$ bin/export-ldif --backendID userRoot --ldifFile userRoot.ldif
Performing an export from specific branches
Steps
-
To export data to an LDIF file under a specific branch from the userRoot backend of the local PingDirectory server into a compressed file, run the
export-ldif
tool.Example:
In addition to including a specific branch, the following command excludes operational attributes from the exported data and wraps long lines at column 80.
$ bin/export-ldif --backendID userRoot --ldifFile userRoot.ldif.gz --compress \ --includeBranch ou=people,dc=example,dc=com --excludeOperational \ --wrapColumn 80
Performing post-LDIF-export task processing
When you invoke an LDIF export as an administrative task, the server can perform additional processing after successfully writing the LDIF file.
About this task
Although you can use the Server SDK to develop custom post-LDIF-export task processors, the server also provides the upload-to-s3
processor type, which you can use to upload the resulting LDIF file to a specified Amazon S3 bucket as a means of an off-site backup mechanism.
To configure the post-LDIF-export upload to the S3 bucket:
Steps
-
If the server isn’t configured with an appropriate Amazon AWS external server definition, create one with the necessary settings for connecting and authenticating to the AWS service.
Example:
dsconfig create-external-server \ --server-name AWS \ --type amazon-aws \ --set authentication-method:access-key \ --set aws-access-key-id:<accessKeyID> \ --set aws-secret-access-key:<secretAccessKey> \ --set aws-region-name:us-east-1
-
Configure an instance of the
upload-to-s3
post-LDIF-export task processor with the appropriate settings.Example:
dsconfig create-post-ldif-export-task-processor \ --processor-name "Upload to S3" \ --type upload-to-s3 \ --set enabled:true \ --set aws-external-server:AWS \ --set s3-bucket-name:<bucketName> \ --set maximum-file-count-to-retain:20 \ --set "maximum-file-age-to-retain:1 w"
-
When performing an LDIF export as an administrative task using the
export-ldif
tool, use the--postExportProcessor
argument with theprocessor-name
value of the desired post-LDIF-export task processor.Example:
bin/export-ldif \ --task \ --hostname ds.example.com \ --port 636 \ --useSSL \ --bindDN uid=admin,dc=example,dc=com \ --bindPasswordFile /path/to/admin-password.txt \ --backendID userRoot \ --ldifFile ldif/userRoot.ldif \ --postExportProcessor "Upload to S3"
To specify that a post-LDIF-export task processor should be used when performing an automated LDIF export through a recurring task, set the
post-ldif-export-task-processor
property in the configuration for the recurring task.