PingDirectory

Exporting data

The PingDirectory server export-ldif command line tool exports data from the server backend to an LDIF file for backups, exporting data to other applications, or reinitializing servers in a replicated topology.

The export-ldif tool supports the --task argument, which initiates the export process from within the PingDirectory server. When export-ldif is run as a task, extra information is available:

  • Output from the export process is included in the error log.

  • There is a task entry (accessible below the cn=tasks base distinguished name (DN)) with information about the success or failure of the export along with log messages.

An ldif-export task can be run from the server system or a remote system. Even if it’s run from a remote system, the exported LDIF file is still written to the server system.

The export-ldif tool exports a point-in-time snapshot of the backend that is guaranteed to provide a consistent state of the database in LDIF. If necessary, you can re-import with import-ldif. The data exported by export-ldif can include all or some of the entries (a subset of the entries, or a subset of the attributes within entries, or both) contained in the backend. You accomplish this by specifying branches, filters, and attributes to include or exclude. You can compress, encrypt, or digitally sign the exported LDIF.

You can configure LDIF exports as recurring tasks with dsconfig create-recurring-task. You can schedule them to run by adding them to a recurring task chain.

Performing an export

Export data to an LDIF file.

Steps

  • To export data to an LDIF file, run the export-ldif tool.

    Example:

    $ bin/export-ldif --backendID userRoot --ldifFile userRoot.ldif

Performing an export from specific branches

Steps

  • To export data to an LDIF file under a specific branch from the userRoot backend of the local PingDirectory server into a compressed file, run the export-ldif tool.

    Example:

    In addition to including a specific branch, the following command excludes operational attributes from the exported data and wraps long lines at column 80.

    $ bin/export-ldif --backendID userRoot --ldifFile userRoot.ldif.gz --compress \
      --includeBranch ou=people,dc=example,dc=com --excludeOperational \
      --wrapColumn 80
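    An added example (not part of the PingDirectory documentation or tooling): a Python check that an exported LDIF stays inside the branch given to --includeBranch and carries no attributes you meant to exclude, unfolding wrapped lines and decoding base64 values first. The deny-list, function names, and sample entries are assumptions constructed for illustration.

```python
import base64

# Assumed deny-list for this example; adjust to your own schema and policy.
FORBIDDEN = {"userpassword", "createtimestamp", "modifytimestamp",
             "creatorsname", "modifiersname", "entryuuid"}

def unfold(text):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_line(line):
    """Return (attribute, value); 'attr:: ' marks a base64-encoded value."""
    name, _, rest = line.partition(":")
    if rest.startswith(":"):
        value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
    else:
        value = rest.strip()
    return name.split(";")[0].lower(), value  # drop attribute options

def audit(text, branch):
    """List (dn, problem) findings for entries that break the export scope."""
    findings, dn = [], None
    suffix = branch.lower().replace(" ", "")  # simplified DN comparison
    for line in unfold(text):
        if not line or line.startswith("#"):
            dn = None if not line else dn  # a blank line ends the entry
            continue
        name, value = parse_line(line)
        if name == "dn":
            dn = value
            norm = dn.lower().replace(" ", "")
            if norm != suffix and not norm.endswith("," + suffix):
                findings.append((dn, "outside branch"))
        elif dn is not None and name in FORBIDDEN:
            findings.append((dn, "forbidden attribute: " + name))
    return findings

# Constructed sample: a folded DN, a base64 DN, and two unwanted attributes.
SAMPLE = "\n".join([
    "version: 1", "", "dn: uid=jdoe,ou=peo", " ple,dc=example,dc=com",
    "userPassword:: " + base64.b64encode(b"{SSHA}constructed").decode(), "",
    "dn:: " + base64.b64encode(b"uid=svc,ou=services,dc=example,dc=com").decode(),
    "createTimestamp: 20240101000000Z"])
```

    For a file written with --compress, read the text with gzip.open(path, "rt") before passing it to audit().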

Performing post-LDIF-export task processing

When you invoke an LDIF export as an administrative task, the server can perform additional processing after successfully writing the LDIF file.

About this task

Although you can use the Server SDK to develop custom post-LDIF-export task processors, the server also provides the upload-to-s3 processor type, which you can use to upload the resulting LDIF file to a specified Amazon S3 bucket as an off-site backup mechanism.

To configure the post-LDIF-export upload to the S3 bucket:

Steps

  1. If the server isn’t configured with an appropriate Amazon AWS external server definition, create one with the necessary settings for connecting and authenticating to the AWS service.

    Example:

    dsconfig create-external-server \
      --server-name AWS \
      --type amazon-aws \
      --set authentication-method:access-key \
      --set aws-access-key-id:<accessKeyID> \
      --set aws-secret-access-key:<secretAccessKey> \
      --set aws-region-name:us-east-1

  2. Configure an instance of the upload-to-s3 post-LDIF-export task processor with the appropriate settings.

    Example:

    dsconfig create-post-ldif-export-task-processor \
      --processor-name "Upload to S3" \
      --type upload-to-s3 \
      --set enabled:true \
      --set aws-external-server:AWS \
      --set s3-bucket-name:<bucketName> \
      --set maximum-file-count-to-retain:20 \
      --set "maximum-file-age-to-retain:1 w"

  3. When performing an LDIF export as an administrative task using the export-ldif tool, use the --postExportProcessor argument with the processor-name value of the desired post-LDIF-export task processor.

    Example:

    bin/export-ldif \
      --task \
      --hostname ds.example.com \
      --port 636 \
      --useSSL \
      --bindDN uid=admin,dc=example,dc=com \
      --bindPasswordFile /path/to/admin-password.txt \
      --backendID userRoot \
      --ldifFile ldif/userRoot.ldif \
      --postExportProcessor "Upload to S3"

    To specify that a post-LDIF-export task processor should be used when performing an automated LDIF export through a recurring task, set the post-ldif-export-task-processor property in the configuration for the recurring task.