Consider the following for disaster recovery:

  • With the default configuration, the server automatically exports all data nightly using the Export All Non-Administrative Backends recurring task. Up to 7 days of exports are maintained.

    You should archive these exports on another system.

  • The Data Recovery Log logs all changes in a reversible format to logs/data-recovery/data-recovery.
  • The bin/extract-data-recovery-log-changes tool provides the ability to redo or undo any changes from the logs/data-recovery/data-recovery logs.

The combination of these allows you to either rebuild the data set to any point in time or to revert specific changes on a live data set, such as if an errant application mistakenly wipes out some data.

For more information about LDIF exports, see LDIF export as a recurring task.


These steps assume that no server performs read or write operations during this process.

To complete a restore of your systems and perform a disaster recovery:

  1. Stop all servers.
  2. Go to one of the servers and remove it from the topology:

    This also cleans replication artifacts on this server instance as long as bind credentials are not provided. For this reason, don't provide --bindDN or --bindPassword with this.

  3. The server might ask you to reconnect for each offline server, enter no.
  4. Locate the backup or exported LDIF file that represents the last working copy of the database.
  5. Restore the backup or import the LDIF file on a single server. If importing an LDIF file, use the --excludeReplication option with the bin/import-ldif command.
  6. Start the restored server. The server can now receive client requests.
  7. The server might ask you to reconnect for each offline server, enter no.
  8. Clean up replication artifacts from the next server before starting it up:
  9. Start the server in lockdown mode with the following command:
    bin/start-server --skipPrime --lockdownMode
  10. Enable replication from the first server to the second server.
    bin/dsreplication enable
  11. Initialize the second server from the first with the following command:
    bin/dsreplication initialize
  12. Restart the second server or use the bin/leave-lockdown-mode command to exit lockdown mode.

    The second server can now receive client requests.

  13. Repeat steps 6 through 10 for any other servers.