How to back up and recover (Export & Import) Embedded LDAP Server? (Doc ID 2197278.1)

Last updated on OCTOBER 27, 2016

Applies to:

Oracle WebLogic Server - Version 10.3.6 and later
Information in this document applies to any platform.

Goal

How to back up and recover (Export & Import) Embedded LDAP Server?

About embedded LDAP server


The default Authentication, Authorization, Role Mapper, and Credential Mapper providers that are installed with WebLogic Server store their data in an LDAP server.

Each WebLogic Server instance contains an embedded LDAP server. The Administration Server contains the master LDAP server which is replicated on all Managed Servers.

If any of your security realms use these installed providers, you should maintain an up-to-date backup of the following directory tree:

domain_name\servers\adminServer\data\ldap

where domain_name is the domain root directory and adminServer is the directory in which the Administration Server stores run time and security data.
Each WebLogic Server instance has an LDAP directory, but you only need to back up the LDAP data on the Administration Server—the master LDAP server replicates the LDAP data from each Managed Server when updates to security data are made. WebLogic security providers cannot modify security data while the domain Administration Server is unavailable.

The LDAP repositories on Managed Servers are replicas and cannot be modified.


The ldap\ldapfiles subdirectory contains the data files for the LDAP server. The files in this directory contain user, group, group membership, policies, and role information. Other subdirectories under the ldap directory contain LDAP server message logs and data about replicated LDAP servers.
Do not update the configuration of a security provider while a backup of LDAP data is in progress. If a change is made—for instance, if an administrator adds a user—while you are backing up the ldap directory tree, the backups in the ldapfiles subdirectory could become inconsistent. If this does occur, consistent, but potentially out-of-date, LDAP backups are available, because once a day, a server suspends write operations and creates its own backup of the LDAP data.

It archives this backup in a ZIP file below the ldap\backup directory and then resumes write operations. This backup is guaranteed to be consistent, but it might not contain the latest security data.
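
An added example, not Oracle's code and not part of the original note: a Python script that copies the ldap tree, detects whether ldapfiles changed while the copy ran, and in that case points to the newest readable ZIP under ldap\backup. The function names, the `copy` hook and the sample file names are assumptions made for illustration.

```python
import hashlib
import shutil
import tempfile
import zipfile
from pathlib import Path


def snapshot(root: Path) -> dict:
    """Map every file under root (relative path) to its SHA-256 digest."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def newest_valid_zip(backup_dir: Path):
    """Newest ZIP under ldap/backup that passes a CRC check, or None."""
    for z in sorted(backup_dir.glob("*.zip"), key=lambda p: p.stat().st_mtime, reverse=True):
        try:
            with zipfile.ZipFile(z) as zf:
                if zf.testzip() is None:
                    return z
        except zipfile.BadZipFile:
            pass  # unreadable archive: try the next-newest one
    return None


def backup_ldap(ldap_dir: Path, dest: Path, copy=shutil.copytree) -> dict:
    """Copy the ldap tree to dest; if ldapfiles changed meanwhile, name the fallback ZIP."""
    files = ldap_dir / "ldapfiles"
    before = snapshot(files)
    copy(ldap_dir, dest)
    consistent = before == snapshot(files) == snapshot(dest / "ldapfiles")
    fallback = None if consistent else newest_valid_zip(ldap_dir / "backup")
    return {"consistent": consistent, "fallback": fallback}


def make_sample_domain(root: Path) -> Path:
    """Constructed sample tree (file names are made up for this example)."""
    ldap = root / "domain_name" / "servers" / "adminServer" / "data" / "ldap"
    (ldap / "ldapfiles").mkdir(parents=True)
    (ldap / "backup").mkdir()
    (ldap / "ldapfiles" / "sample.data").write_bytes(b"users-v1")
    with zipfile.ZipFile(ldap / "backup" / "sample-daily.zip", "w") as zf:
        zf.writestr("ldapfiles/sample.data", b"users-v0")
    return ldap


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(backup_ldap(make_sample_domain(Path(tmp)), Path(tmp) / "copy"))
```

A result of `consistent: False` means the copy should be discarded and either retried while no security data is being changed, or replaced by the ZIP reported in `fallback`.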

 


 

Solution
