In the event that data is compromised across all systems and a restore is necessary, perform the following steps. These steps assume that no read or write operations are performed by any servers during this process.
Note:

The following should be considered for disaster recovery:

  • With the default configuration, the server automatically exports all data nightly using the Export All Non-Administrative Backends recurring task. Up to seven days of exports are maintained. It is recommended that these be archived on another system.
  • The Data Recovery Log logs all changes in a reversible format to logs/data-recovery/data-recovery.
  • The bin/extract-data-recovery-log-changes tool provides the ability to redo or undo any changes from the logs/data-recovery/data-recovery logs.
  • The combination of these allows you to either rebuild the data set to any point in time or to revert specific changes on a live data set (for example, if an errant application mistakenly wipes out some data).
Note:

See LDIF export as a recurring task for information about LDIF exports.

  1. Stop all servers.
  2. Go to one of the servers and remove it from the topology:
    bin/remove-defunct-server

    This also cleans replication artifacts on this server instance as long as bind credentials are not provided. For this reason, don't provide --bindDN or --bindPassword with this command.

  3. The server might ask you to reconnect for each offline server. Enter no.
  4. Locate the backup or exported LDIF file that represents the last working copy of the database.
  5. Restore the backup or import the LDIF file on a single server. If importing an LDIF file, use the --excludeReplication option with the bin/import-ldif command.
  6. Start the restored server. The server can now receive client requests.
  7. The server might ask you to reconnect for each offline server. Enter no.
  8. Clean up replication artifacts from the next server before starting it up:
    bin/remove-defunct-server
  9. Start the server in lockdown mode with the following command:
    bin/start-server --skipPrime --lockdownMode
  10. Enable replication from the first server to the second server:
    bin/dsreplication enable
  11. Initialize the second server from the first with the following command:
    bin/dsreplication initialize
  12. Restart the second server or use the bin/leave-lockdown-mode command to exit lockdown mode.

    The second server can now receive client requests.

  13. Repeat steps 6 through 10 for any other servers.
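
One way to carry out step 4 when the nightly exports have been archived on another system, shown as an added example that is not part of the product or its documentation. The function name, the `.ldif` / `.ldif.gz` file naming, the reliance on preserved modification times, and the use of GNU `stat` are assumptions.

```shell
#!/usr/bin/env bash
# Added example: choose the export to restore from (step 4).
# Assumptions: archived exports keep their original modification times,
# file names end in .ldif or .ldif.gz (hypothetical naming), GNU stat is present.

# pick_last_good_export ARCHIVE_DIR CUTOFF_EPOCH
# Prints the newest non-empty export whose mtime is strictly before
# CUTOFF_EPOCH (the earliest time the data is known to be bad).
# Returns 1 if no export qualifies, 2 on bad arguments.
pick_last_good_export() {
    local dir=$1 cutoff=$2 best="" best_mtime=-1 f mtime
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    case $cutoff in
        ''|*[!0-9]*) echo "cutoff must be epoch seconds" >&2; return 2 ;;
    esac

    for f in "$dir"/*.ldif "$dir"/*.ldif.gz; do
        [ -f "$f" ] || continue    # unmatched glob or not a regular file
        [ -s "$f" ] || continue    # skip empty files left by a failed export
        mtime=$(stat -c %Y "$f") || continue
        # An export written at or after the cutoff may already hold bad data.
        [ "$mtime" -lt "$cutoff" ] || continue
        if [ "$mtime" -gt "$best_mtime" ]; then
            best=$f
            best_mtime=$mtime
        fi
    done

    [ -n "$best" ] || { echo "no export predates the cutoff" >&2; return 1; }
    printf '%s\n' "$best"
}
```

The printed path is the file to import in step 5. A return code of 1 means every archived export is newer than the cutoff, so an older archive or a backup is needed.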