dsbackup
dsbackup
— Backup and restore backends
Options
The dsbackup
command takes the following options:
Utility input/output options:
--no-prompt
-
Use non-interactive mode. If data in the command is missing, the user is not prompted and the tool will fail. Default: false
--noPropertiesFile
-
No properties file will be used to get default command line argument values. Default: false
--propertiesFilePath {propertiesFilePath}
-
Path to the file containing default property values used for command line arguments.
General options:
-V | --version
-
Display Directory Server version information. Default: false
-H | --help
-
Display this usage information. Default: false
Subcommands
The dsbackup
command supports the following subcommands:
dsbackup create
dsbackup create {options}
Take encrypted and signed backups of individual backends and send them to the desired location.
Options
In addition to the global dsbackup
options, the dsbackup create
subcommand takes the following options:
SubCommand Options:
-d | --backupLocation {backup location}
-
Backup file-system path or URI for alternative storage mechanisms. File-system paths may be expressed as absolute or relative paths and are resolved relative to the current working directory when the tool is run in offline mode, or relative to the server instance directory when the tool is run in task mode. Read the documentation for further information regarding alternative backup storage mechanisms.
-n | --backendName {backendName}
-
The name of the backend to back up. Specify this option multiple times to backup multiple backends or skip this option to backup all the enabled backends that support backups.
--offline
-
Indicates that the command will operate independently of the server process. It will run regardless of whether the server is started or stopped. When using this option with the restore sub-command, the server must be stopped; also as the command will write to server files, you should run the command as a user having the same filesystem permissions as the user running the server. Using this option with the create sub-command when the server is running is possible and supported. With JE Backends, the integrity of the backup is ensured by the process. With LDIF backends, avoid simultaneous changes to the backends. Default: false
--providerArg {argument}
-
Configuration argument for the PKCS#11 provider.
--providerClass {class}
-
Full class name of the PKCS#11 provider.
--providerName {name}
-
Name of the PKCS#11 provider.
--storageProperty {PROP:VALUE}
-
Assigns a value to a storage property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it.
Task Scheduling Options
--completionNotify {emailAddress}
-
Email address of a recipient to be notified when the task completes. This option may be specified more than once.
--dependency {taskID}
-
ID of a task upon which this task depends. A task will not start execution until all its dependencies have completed execution.
--description {description}
-
Gives a description to the task.
--errorNotify {emailAddress}
-
Email address of a recipient to be notified if an error occurs when this task executes. This option may be specified more than once.
--failedDependencyAction {action}
-
Action this task will take should one if its dependent tasks fail. The value must be one of PROCESS, CANCEL, DISABLE. If not specified defaults to CANCEL.
--recurringTask {schedulePattern}
-
Indicates the task is recurring and will be scheduled according to the value argument expressed in crontab(5) compatible time/date pattern. The schedule pattern for a recurring task supports only the following
crontab
features:
Field | Allowed Values |
---|---|
minute |
0-59 |
hour |
0-23 |
day of month |
1-31 |
month |
1-12 (or names) |
day of week |
0-7 (0 or 7 is Sunday, or use names) |
A field can contain an asterisk, *
. An asterisk stands for first-last
.
Fields can include ranges of numbers. A range is two numbers separated by a hyphen, and is inclusive. For example, 8-10
for an "hour" field means execution at hours 8, 9, and 10.
Fields can include lists. A list is a set of numbers or ranges separated by commas. For example, 4,8-10
for an "hour" field means execution at hours 4, 8, 9, and 10.
When using names for in "month" or "day of week" fields, use the first three letters of the particular month or day of the week. Case does not matter. Ranges and lists of names are not supported.
-t | --start {startTime}
-
Indicates the date/time at which this operation will start when scheduled as a server task expressed in YYYYMMDDhhmmssZ format for UTC time or YYYYMMDDhhmmss for local time. A value of '0' will cause the task to be scheduled for immediate execution. When this option is specified the operation will be scheduled to start at the specified time after which this utility will exit immediately.
--taskId {taskID}
-
Gives an ID to the task.
LDAP connection options:
--connectTimeout {timeout}
-
Maximum length of time (in milliseconds) that can be taken to establish a connection. Use '0' to specify no time out. Default: 30000
-D | --bindDn {bindDN}
-
DN to use to bind to the server. Default: uid=admin
-E | --reportAuthzId
-
Use the authorization identity control. Default: false
-h | --hostname {host}
-
Fully-qualified server host name or IP address. Default: localhost.localdomain
-N | --certNickname {nickname}
-
Nickname of the certificate that should be sent to the server for SSL client authentication.
-o | --saslOption {name=value}
-
SASL bind options.
-p | --port {port}
-
Directory server administration port number.
-T | --trustStorePassword[:env|:file] {trustStorePassword}
-
Truststore password which will be used as the cleartext configuration value.
--useJavaKeyStore {keyStorePath}
-
JKS keystore containing the certificate which should be used for SSL client authentication.
--useJavaTrustStore {trustStorePath}
-
Use a JKS truststore file for validating server certificate.
--useJceKeyStore {keyStorePath}
-
JCEKS keystore containing the certificate which should be used for SSL client authentication.
--useJceTrustStore {trustStorePath}
-
Use a JCEKS truststore file for validating server certificate.
--useJvmTrustStore
-
Use the JVM truststore for validating server certificate. Default: false
--usePasswordPolicyControl
-
Use the password policy request control. Default: false
--usePkcs11KeyStore
-
PKCS#11 keystore containing the certificate which should be used for SSL client authentication. Default: false
--usePkcs12KeyStore {keyStorePath}
-
PKCS#12 keystore containing the certificate which should be used for SSL client authentication.
--usePkcs12TrustStore {trustStorePath}
-
Use a PKCS#12 truststore file for validating server certificate.
-w | --bindPassword[:env|:file] {bindPassword}
-
Password to use to bind to the server. Omit this option while providing the bind DN to ensure that the command prompts for the password, rather than entering the password as a command argument.
-W | --keyStorePassword[:env|:file] {keyStorePassword}
-
Keystore password which will be used as the cleartext configuration value.
-X | --trustAll
-
Trust all server SSL certificates. Default: false
dsbackup list
dsbackup list {options}
List the backups at the specified location.
Options
In addition to the global dsbackup
options, the dsbackup list
subcommand takes the following options:
-d | --backupLocation {backup location}
-
Location containing backups: file-system path or URI for alternative storage mechanisms. File-system paths may be expressed as absolute or relative paths and are resolved relative to the current working directory when the tool is run in offline mode, or relative to the server instance directory when the tool is run in task mode. Read the documentation for further information regarding alternative backup storage mechanisms.
--last
-
Show only the last backup for each backend. Default: false
-n | --backendName {backendName}
-
Show only backups taken from the provided backend.
--serverId {server ID}
-
Show only backups taken from the provided server.
--storageProperty {PROP:VALUE}
-
Assigns a value to a storage property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it.
--verify
-
Verify backups completeness, integrity and whether they can be decrypted. Default: false
dsbackup purge
dsbackup purge {options}
Delete one or more backups.
Options
In addition to the global dsbackup
options, the dsbackup purge
subcommand takes the following options:
SubCommand Options:
--backupId {backup ID}
-
The ID of the backup that should be deleted. Specify this option multiple times to purge multiple backups.
-d | --backupLocation {backup location}
-
Location containing backups: file-system path or URI for alternative storage mechanisms. File-system paths may be expressed as absolute or relative paths and are resolved relative to the current working directory when the tool is run in offline mode, or relative to the server instance directory when the tool is run in task mode. Read the documentation for further information regarding alternative backup storage mechanisms.
--force
-
Must be used with the '--olderThan' option, indicates that the last backup of each backend can be deleted if older than the provided duration. Default: false
--keepCount {number of backups}
-
The number of backups to keep per backend. Use this option to keep the n latest backups of each backend and delete the others. If n=0, all the backups will be removed.
-n | --backendName {backend name}
-
Purge only backups of the specified backend. Specify this option multiple times to allow purging backups of different backends. Skip this option to allow purging backups of all backends. This can only be used with options '--keepCount' or '--olderThan'.
--offline
-
Indicates that the command will operate independently of the server process. It will run regardless of whether the server is started or stopped. When using this option with the restore sub-command, the server must be stopped; also as the command will write to server files, you should run the command as a user having the same filesystem permissions as the user running the server. Using this option with the create sub-command when the server is running is possible and supported. With JE Backends, the integrity of the backup is ensured by the process. With LDIF backends, avoid simultaneous changes to the backends. Default: false
--olderThan {duration}
-
Delete backups that are older than the provided duration. The latest backup of each backend will always be kept unless the '--force' option is also provided. Duration examples: '12 hours', '3 days', '1y'.
--providerArg {argument}
-
Configuration argument for the PKCS#11 provider.
--providerClass {class}
-
Full class name of the PKCS#11 provider.
--providerName {name}
-
Name of the PKCS#11 provider.
--storageProperty {PROP:VALUE}
-
Assigns a value to a storage property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it.
Task Scheduling Options
--completionNotify {emailAddress}
-
Email address of a recipient to be notified when the task completes. This option may be specified more than once.
--dependency {taskID}
-
ID of a task upon which this task depends. A task will not start execution until all its dependencies have completed execution.
--description {description}
-
Gives a description to the task.
--errorNotify {emailAddress}
-
Email address of a recipient to be notified if an error occurs when this task executes. This option may be specified more than once.
--failedDependencyAction {action}
-
Action this task will take should one if its dependent tasks fail. The value must be one of PROCESS, CANCEL, DISABLE. If not specified defaults to CANCEL.
--recurringTask {schedulePattern}
-
Indicates the task is recurring and will be scheduled according to the value argument expressed in crontab(5) compatible time/date pattern. The schedule pattern for a recurring task supports only the following
crontab
features:
Field | Allowed Values |
---|---|
minute |
0-59 |
hour |
0-23 |
day of month |
1-31 |
month |
1-12 (or names) |
day of week |
0-7 (0 or 7 is Sunday, or use names) |
A field can contain an asterisk, *
. An asterisk stands for first-last
.
Fields can include ranges of numbers. A range is two numbers separated by a hyphen, and is inclusive. For example, 8-10
for an "hour" field means execution at hours 8, 9, and 10.
Fields can include lists. A list is a set of numbers or ranges separated by commas. For example, 4,8-10
for an "hour" field means execution at hours 4, 8, 9, and 10.
When using names for in "month" or "day of week" fields, use the first three letters of the particular month or day of the week. Case does not matter. Ranges and lists of names are not supported.
-t | --start {startTime}
-
Indicates the date/time at which this operation will start when scheduled as a server task expressed in YYYYMMDDhhmmssZ format for UTC time or YYYYMMDDhhmmss for local time. A value of '0' will cause the task to be scheduled for immediate execution. When this option is specified the operation will be scheduled to start at the specified time after which this utility will exit immediately.
--taskId {taskID}
-
Gives an ID to the task.
LDAP connection options:
--connectTimeout {timeout}
-
Maximum length of time (in milliseconds) that can be taken to establish a connection. Use '0' to specify no time out. Default: 30000
-D | --bindDn {bindDN}
-
DN to use to bind to the server. Default: uid=admin
-E | --reportAuthzId
-
Use the authorization identity control. Default: false
-h | --hostname {host}
-
Fully-qualified server host name or IP address. Default: localhost.localdomain
-N | --certNickname {nickname}
-
Nickname of the certificate that should be sent to the server for SSL client authentication.
-o | --saslOption {name=value}
-
SASL bind options.
-p | --port {port}
-
Directory server administration port number.
-T | --trustStorePassword[:env|:file] {trustStorePassword}
-
Truststore password which will be used as the cleartext configuration value.
--useJavaKeyStore {keyStorePath}
-
JKS keystore containing the certificate which should be used for SSL client authentication.
--useJavaTrustStore {trustStorePath}
-
Use a JKS truststore file for validating server certificate.
--useJceKeyStore {keyStorePath}
-
JCEKS keystore containing the certificate which should be used for SSL client authentication.
--useJceTrustStore {trustStorePath}
-
Use a JCEKS truststore file for validating server certificate.
--useJvmTrustStore
-
Use the JVM truststore for validating server certificate. Default: false
--usePasswordPolicyControl
-
Use the password policy request control. Default: false
--usePkcs11KeyStore
-
PKCS#11 keystore containing the certificate which should be used for SSL client authentication. Default: false
--usePkcs12KeyStore {keyStorePath}
-
PKCS#12 keystore containing the certificate which should be used for SSL client authentication.
--usePkcs12TrustStore {trustStorePath}
-
Use a PKCS#12 truststore file for validating server certificate.
-w | --bindPassword[:env|:file] {bindPassword}
-
Password to use to bind to the server. Omit this option while providing the bind DN to ensure that the command prompts for the password, rather than entering the password as a command argument.
-W | --keyStorePassword[:env|:file] {keyStorePassword}
-
Keystore password which will be used as the cleartext configuration value.
-X | --trustAll
-
Trust all server SSL certificates. Default: false
dsbackup restore
dsbackup restore {options}
Restore one or more backends. In order to decrypt and verify signatures on backup files, the server must have access to the master key pair used to encrypt and sign the files when they were created.
Options
In addition to the global dsbackup
options, the dsbackup restore
subcommand takes the following options:
SubCommand Options:
--backupId {backup ID}
-
Restore the backup having the provided ID. Specify this option multiple times to restore multiple backends.
-d | --backupLocation {backup location}
-
Location containing backups: file-system path or URI for alternative storage mechanisms. File-system paths may be expressed as absolute or relative paths and are resolved relative to the current working directory when the tool is run in offline mode, or relative to the server instance directory when the tool is run in task mode. Read the documentation for further information regarding alternative backup storage mechanisms.
-n | --backendName {backendName}
-
Restore the last backup of the provided backend. Specify this option multiple times to restore multiple backends.
--offline
-
Indicates that the command will operate independently of the server process. It will run regardless of whether the server is started or stopped. When using this option with the restore sub-command, the server must be stopped; also as the command will write to server files, you should run the command as a user having the same filesystem permissions as the user running the server. Using this option with the create sub-command when the server is running is possible and supported. With JE Backends, the integrity of the backup is ensured by the process. With LDIF backends, avoid simultaneous changes to the backends. Default: false
--providerArg {argument}
-
Configuration argument for the PKCS#11 provider.
--providerClass {class}
-
Full class name of the PKCS#11 provider.
--providerName {name}
-
Name of the PKCS#11 provider.
--storageProperty {PROP:VALUE}
-
Assigns a value to a storage property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it.
Task Scheduling Options
--completionNotify {emailAddress}
-
Email address of a recipient to be notified when the task completes. This option may be specified more than once.
--dependency {taskID}
-
ID of a task upon which this task depends. A task will not start execution until all its dependencies have completed execution.
--description {description}
-
Gives a description to the task.
--errorNotify {emailAddress}
-
Email address of a recipient to be notified if an error occurs when this task executes. This option may be specified more than once.
--failedDependencyAction {action}
-
Action this task will take should one if its dependent tasks fail. The value must be one of PROCESS, CANCEL, DISABLE. If not specified defaults to CANCEL.
--recurringTask {schedulePattern}
-
Indicates the task is recurring and will be scheduled according to the value argument expressed in crontab(5) compatible time/date pattern. The schedule pattern for a recurring task supports only the following
crontab
features:
Field | Allowed Values |
---|---|
minute |
0-59 |
hour |
0-23 |
day of month |
1-31 |
month |
1-12 (or names) |
day of week |
0-7 (0 or 7 is Sunday, or use names) |
A field can contain an asterisk, *
. An asterisk stands for first-last
.
Fields can include ranges of numbers. A range is two numbers separated by a hyphen, and is inclusive. For example, 8-10
for an "hour" field means execution at hours 8, 9, and 10.
Fields can include lists. A list is a set of numbers or ranges separated by commas. For example, 4,8-10
for an "hour" field means execution at hours 4, 8, 9, and 10.
When using names for in "month" or "day of week" fields, use the first three letters of the particular month or day of the week. Case does not matter. Ranges and lists of names are not supported.
-t | --start {startTime}
-
Indicates the date/time at which this operation will start when scheduled as a server task expressed in YYYYMMDDhhmmssZ format for UTC time or YYYYMMDDhhmmss for local time. A value of '0' will cause the task to be scheduled for immediate execution. When this option is specified the operation will be scheduled to start at the specified time after which this utility will exit immediately.
--taskId {taskID}
-
Gives an ID to the task.
LDAP connection options:
--connectTimeout {timeout}
-
Maximum length of time (in milliseconds) that can be taken to establish a connection. Use '0' to specify no time out. Default: 30000
-D | --bindDn {bindDN}
-
DN to use to bind to the server. Default: uid=admin
-E | --reportAuthzId
-
Use the authorization identity control. Default: false
-h | --hostname {host}
-
Fully-qualified server host name or IP address. Default: localhost.localdomain
-N | --certNickname {nickname}
-
Nickname of the certificate that should be sent to the server for SSL client authentication.
-o | --saslOption {name=value}
-
SASL bind options.
-p | --port {port}
-
Directory server administration port number.
-T | --trustStorePassword[:env|:file] {trustStorePassword}
-
Truststore password which will be used as the cleartext configuration value.
--useJavaKeyStore {keyStorePath}
-
JKS keystore containing the certificate which should be used for SSL client authentication.
--useJavaTrustStore {trustStorePath}
-
Use a JKS truststore file for validating server certificate.
--useJceKeyStore {keyStorePath}
-
JCEKS keystore containing the certificate which should be used for SSL client authentication.
--useJceTrustStore {trustStorePath}
-
Use a JCEKS truststore file for validating server certificate.
--useJvmTrustStore
-
Use the JVM truststore for validating server certificate. Default: false
--usePasswordPolicyControl
-
Use the password policy request control. Default: false
--usePkcs11KeyStore
-
PKCS#11 keystore containing the certificate which should be used for SSL client authentication. Default: false
--usePkcs12KeyStore {keyStorePath}
-
PKCS#12 keystore containing the certificate which should be used for SSL client authentication.
--usePkcs12TrustStore {trustStorePath}
-
Use a PKCS#12 truststore file for validating server certificate.
-w | --bindPassword[:env|:file] {bindPassword}
-
Password to use to bind to the server. Omit this option while providing the bind DN to ensure that the command prompts for the password, rather than entering the password as a command argument.
-W | --keyStorePassword[:env|:file] {keyStorePassword}
-
Keystore password which will be used as the cleartext configuration value.
-X | --trustAll
-
Trust all server SSL certificates. Default: false