Backup and recovery considerations for EIM
You need to develop a backup and recovery plan for your Enterprise Identity Mapping (EIM) data to ensure that your EIM data is protected and can be recovered should there ever be a problem with the directory server that hosts the EIM domain controller. There is also important EIM configuration information that you need to understand how to recover.
Backup and recovery of EIM domain data
How you save your EIM data depends on how you decide to manage this aspect of the directory server that acts as the domain controller for your EIM data.
One way to back up the data, especially for disaster recovery purposes, is to save
the database library. By default, this is
is enabled, then you should also save the library
QUSRDIRCL. The directory server
on the system where you want to restore the library must have the same LDAP schema and configuration
as the original directory server. The files that store this information are in
/QIBM/UserData/OS400/DirSrv. Additional configuration data is stored in
*USRSPC object) and
*VLDL object). In order to have a complete
backup of everything for your directory server, you must save both libraries, the integrated file
system files, and the
For example, you could use an LDIF file to save all or part of the directory server contents. To back up the domain information for an IBM Tivoli® Directory Server for IBM i domain controller, complete these steps:
- Use the Copy To LDIF (CPYTOLDIF) command to copy all or part of the directory server contents to a file.
- Transfer the file to the IBM i platform that you want to use as your backup directory server.
- On the backup server, use the Copy From LDIF (CPYFRMLDIF) command to load the contents of the transferred file to the new directory server.
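An integrity check for the transfer step above, as an added example that is not part of the original IBM documentation: it compares the exported LDIF file with the transferred copy before that copy is loaded with CPYFRMLDIF, hashing the parsed entries so a text-mode transfer that rewrites line endings still matches while a truncated file does not. It assumes the export is standard LDIF text; the function names and the sample entries are hypothetical and constructed for illustration.

```python
import base64
import hashlib

# Constructed sample export (not real EIM data): two entries, one
# base64-encoded value and one folded (continued) line.
SAMPLE = (b"version: 1\n\n"
          b"dn: ibm-eimDomainName=ExampleDomain,o=example\n"
          b"objectclass: top\n"
          b"description:: RUlNIGRvbWFpbg==\n\n"
          b"dn: cn=Identifiers,ibm-eimDomainName=ExampleDomain,o=example\n"
          b"objectclass: conta\n iner\n")

def parse_ldif(data: bytes):
    """Return a list of entries; each entry is a list of (attr, value) pairs."""
    # Normalise line endings, then unfold continuation lines: in LDIF a
    # line that starts with a single space continues the previous line.
    text = data.replace(b"\r\n", b"\n").replace(b"\n ", b"")
    entries = []
    for block in text.split(b"\n\n"):
        pairs = []
        for line in block.split(b"\n"):
            if not line or line.startswith((b"#", b"version:")):
                continue
            attr, sep, rest = line.partition(b":")
            if not sep:
                raise ValueError(f"malformed LDIF line: {line!r}")
            if rest.startswith(b":"):      # "attr:: <base64 value>"
                value = base64.b64decode(rest[1:].strip(), validate=True)
            else:
                value = rest.lstrip(b" ")
            pairs.append((attr.lower(), value))
        if pairs:
            if pairs[0][0] != b"dn":
                raise ValueError("entry does not start with a dn: line")
            entries.append(pairs)
    return entries

def manifest(data: bytes):
    """Entry count plus a SHA-256 over parsed content, not raw bytes."""
    entries = parse_ldif(data)
    digest = hashlib.sha256()
    for pairs in entries:
        for attr, value in pairs:
            # Length-prefix each field so adjacent values cannot blur together.
            digest.update(len(attr).to_bytes(4, "big") + attr)
            digest.update(len(value).to_bytes(4, "big") + value)
        digest.update(b"\x00")             # entry separator
    return {"entries": len(entries), "digest": digest.hexdigest()}
```

Record the manifest of the exported file on the source system and load the transferred copy only if its manifest is identical.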
Another method you may consider for saving your EIM domain data is to configure and use a replica directory server. All changes to EIM domain data are automatically forwarded to the replica directory server so that if the directory server that hosts the domain controller fails or loses EIM data, you can retrieve the data from the replica server.
How you configure and use a replica directory server varies depending on the type of replication model that you choose to use.
Backup and recovery of EIM configuration information
Should your system go down, you may need to restore EIM configuration information for that system. This information cannot be saved and restored easily across systems.
- Use the Save Security Data (SAVSECDTA) command on each system to save EIM and other important configuration information. Then restore the QSYS user profile object on each system.
  Note: You must use the SAVSECDTA command and restore the QSYS user profile object on each system with an EIM configuration individually. You may experience problems if you try to recover the QSYS user profile object on one system when it was saved on a different system.
- Either rerun the EIM Configuration wizard or manually update the EIM Configuration folder properties. To make this process easier, you should save your EIM implementation planning work sheets or make a record of the EIM configuration information for each system.
Additionally, you need to consider and plan how to back up and recover your network authentication service data if you configured network authentication service as part of implementing a single sign-on environment.