Backup and recovery considerations for EIM
You need to develop a backup and recovery plan for your Enterprise Identity Mapping (EIM) data to ensure that your EIM data is protected and can be recovered should there ever be a problem with the directory server that hosts the EIM domain controller. There is also important EIM configuration information that you need to understand how to recover.
Backup and recovery of EIM domain data
How you save your EIM data depends on how you decide to manage this aspect of the directory server that acts as the domain controller for your EIM data.
One way to back up the data, especially for disaster recovery purposes, is to save the database library. By default, this is QUSRDIRDB. If changelog is enabled, then you should also save the library QUSRDIRCL. The directory server on the system where you want to restore the library must have the same LDAP schema and configuration as the original directory server. The files that store this information are in /QIBM/UserData/OS400/DirSrv. Additional configuration data is stored in QUSRSYS/QGLDCFG (*USRSPC object) and QUSRSYS/QGLDVLDL (*VLDL object). In order to have a complete backup of everything for your directory server, you must save both libraries, the integrated file system files, and the QUSRSYS objects.
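The complete save described above, written as a CL program. This is an added example, not part of the original documentation. The library BKPLIB and the save file names are hypothetical placeholders, and using the existence of QUSRDIRCL as the test for whether changelog is enabled is an assumption.

```cl
/* Added example: save every directory server component that the     */
/* text lists. BKPLIB and the save file names are hypothetical.      */
PGM

  /* Create the target save files (BKPLIB must already exist).       */
  CRTSAVF FILE(BKPLIB/DIRDB)   TEXT('Directory database library')
  CRTSAVF FILE(BKPLIB/DIRIFS)  TEXT('Directory schema and config')
  CRTSAVF FILE(BKPLIB/DIRCFG)  TEXT('QGLDCFG user space')
  CRTSAVF FILE(BKPLIB/DIRVLDL) TEXT('QGLDVLDL validation list')

  /* 1. Database library (QUSRDIRDB is the default name).            */
  SAVLIB LIB(QUSRDIRDB) DEV(*SAVF) SAVF(BKPLIB/DIRDB)

  /* 2. Changelog library. Assumption: the library exists only when  */
  /*    changelog is enabled, so skip the save if it is not found.   */
  CHKOBJ OBJ(QSYS/QUSRDIRCL) OBJTYPE(*LIB)
  MONMSG MSGID(CPF9801) EXEC(GOTO CMDLBL(NOCHGLOG))
  CRTSAVF FILE(BKPLIB/DIRCL) TEXT('Directory changelog library')
  SAVLIB LIB(QUSRDIRCL) DEV(*SAVF) SAVF(BKPLIB/DIRCL)

NOCHGLOG:
  /* 3. Integrated file system files holding schema and config.      */
  SAV DEV('/QSYS.LIB/BKPLIB.LIB/DIRIFS.FILE') +
      OBJ(('/QIBM/UserData/OS400/DirSrv'))

  /* 4. Additional configuration objects in QUSRSYS.                 */
  SAVOBJ OBJ(QGLDCFG)  LIB(QUSRSYS) DEV(*SAVF) OBJTYPE(*USRSPC) +
         SAVF(BKPLIB/DIRCFG)
  SAVOBJ OBJ(QGLDVLDL) LIB(QUSRSYS) DEV(*SAVF) OBJTYPE(*VLDL) +
         SAVF(BKPLIB/DIRVLDL)

ENDPGM
```

If any one of the four parts is missing from the save set, the restored server does not have the matching schema and configuration that the text requires.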
For example, you could use an LDIF file to save all or part of the directory server contents. To back up the domain information for an IBM Tivoli® Directory Server for IBM i domain controller, complete these steps:
- From IBM Navigator for i, expand .
- Click TCP/IP Servers.
- Right-click IBM Tivoli Directory Server for IBM i, select to display a page that allows you to specify what parts of the directory server contents to export to a file.
- Transfer the export file to the IBM i platform that you want to use as your backup directory server.
- From IBM Navigator for i on the backup server, expand .
- Click TCP/IP Servers.
- Right-click IBM Tivoli Directory Server for IBM i, select to load the contents of the transferred file to the new directory server.
Another method you may consider for saving your EIM domain data is to configure and use a replica directory server. All changes to EIM domain data are automatically forwarded to the replica directory server so that if the directory server that hosts the domain controller fails or loses EIM data, you can retrieve the data from the replica server.
How you configure and use a replica directory server varies depending on the type of replication model that you choose to use.
Backup and recovery of EIM configuration information
Should your system go down, you may need to restore EIM configuration information for that system. This information cannot be saved and restored easily across systems.
- Use the Save Security Data (SAVSECDTA) command on each system to save EIM and other important configuration information. Then restore the QSYS user profile object on each system. Note: You must use the SAVSECDTA command and restore the QSYS user profile object on each system with an EIM configuration individually. You may experience problems if you try to recover the QSYS user profile object on one system when it was saved on a different system.
- Either rerun the EIM Configuration wizard or manually update the EIM Configuration folder properties. To make this process easier, you should save your EIM implementation planning work sheets or make a record of the EIM configuration information for each system.
Additionally, you need to consider and plan how to back up and recover your network authentication service data if you configured network authentication service as part of implementing a single sign-on environment.