DS 7 introduces improvements to simplify replication and backup/restore. If you need to revert accidental deletions of data in DS 7 and later, you should refer to the appropriate documentation:
In pre-DS 7, accidental deletions of data in DS can be reverted in two ways:
- The first way, described in How do I configure DS 5.x or 6.x to ensure accidentally deleted or changed data can be restored when replication is enabled?, configures the replication changelog to record additional information about each change. This allows changes to be reverted at a very fine-grained level and with very little impact on the servers in the replication topology. However, reverting each change requires several manual steps.
- The second way, described in this article, uses the backup and restore tools. This is comparatively coarse as you can only restore up until a given backup and it does require that every replicating server is reinitialized.
To roll back an entire network of DS replicas to a previous backup, you must restore the same backup to every replica and use pre-external-initialization and post-external-initialization as follows:
- Enter the following command on one of the servers to prepare the domain on all servers for being externally initialized: You must specify the baseDN of the data you are going to be changing, for example, dc=example,dc=com. $ ./dsreplication pre-external-initialization --hostname ds1.example.com --port 4444 --baseDN dc=example,dc=com --adminUID admin --adminPassword password --trustAll --no-prompt
- Enter the following command to restore the backup to each server (this command performs an online restore, so you do not need to stop the server first): $ ds1/bin/restore --hostname ds1.example.com --port 4444 --bindDN "cn=Directory Manager" --bindPassword password --backupID [backupid] --backupDirectory /path/to/ds/bak $ ds2/bin/restore --hostname ds2.example.com --port 4444 --bindDN "cn=Directory Manager" --bindPassword password --backupID [backupid] --backupDirectory /path/to/ds/bak [...]
- Enter the following command on one of the servers to set the new generation ID for the entire domain. Ensure to use the same baseDN as the first step: $ ./dsreplication post-external-initialization --hostname ds1.example.com --port 4444 --baseDN dc=example,dc=com --adminUID admin --adminPassword password --trustAll --no-prompt
The above steps alter the generation ID of the replicated domain. "Old" changes will not get replayed because they were targeting the data using the previous generation ID. The final step calculates a new generation ID for the domain and broadcasts it to all the servers, which allows them to replicate again.
Replication will now proceed as normal, but from the restored point in time.