In the event that data is compromised across all systems and a restore is necessary, perform the following steps. These steps assume that no read or write operations are performed by any servers during this process.
Note: The following should be considered for disaster recovery:
  • With the default configuration, the server automatically exports all data nightly using the Export All Non-Administrative Backends recurring task. Up to seven days of exports are maintained. It is recommended that these be archived on another system.
  • The Data Recovery Log logs all changes in a reversible format to logs/data-recovery/data-recovery.
  • The bin/extract-data-recovery-log-changes tool provides the ability to redo or undo any changes from the logs/data-recovery/data-recovery logs.
  • The combination of these allows you to either rebuild the data set to any point in time or to revert specific changes on a live data set (for example, if an errant application mistakenly wipes out some data).
Note: See LDIF Export as a Recurring Task for information about LDIF exports.
  1. Stop all servers.
  2. Run the following command on all servers:
    $ /bin/dsreplication cleanup-local-server
                           
  3. Locate the backup or exported LDIF file that represents the last working copy of the database.
  4. Restore the backup or import the LDIF file on a single server. If importing an LDIF file, use the --excludeReplication option with the import-ldif command.
  5. Start the restored server. The server can now receive client requests.
  6. Start another server in lockdown mode with the following command:
    $ start-server --skipPrime --lockdownMode
  7. Enable replication from the first server to the second server.
  8. Initialize the second server from the first with the following command:
    $ bin/dsreplication initialize
  9. Restart the second server or use the bin/leave-lockdown-mode command to leave the server in lockdown mode. The second server can now receive client requests.
  10. Repeat steps 6 through 9 for any other servers.