Hi: the link u provided mentioned similar :

9.2. RESTORING A BACKUP

If you have a directory with a backup created using

ipa-backup

, you can restore your IdM

server or the LDAP content to the state in which they were when the backup was

performed. You cannot restore a backup on a host different from the host on which the

backup was originally created

Is it meant if I clean install using same host name ( a total new host) and restore using the backup

it will fail right ?.. The disaster meant all hosts fail I need clean install the first host can I use the that restore method ?

2018-03-05 16:31 GMT+08:00 Florence Blanc-Renaud <flo@redhat.com>:

On 04/03/2018 02:28, barrykfl--- via FreeIPA-users wrote:

Tried those command before ,,,seem the web page and LDAP separate or I missed some parts.
it can turn on the ldap but the web page not allow to login ...mostly it related to ?

Hi,

on which system do you have trouble accessing the web GUI? the master?
In this case, can you paste the exact command you ran for restore, and the exact error message you see when trying to authenticate to the web? The httpd error log may also be helpful (/var/log/httpd/error).

Flo

2018-03-02 17:24 GMT+08:00 Florence Blanc-Renaud <flo@redhat.com <mailto:flo@redhat.com>>:

On 01/03/2018 10:37, barrykfl--- via FreeIPA-users wrote:

ic ..but the full restore can success run in clean installed
master with new CA overwrite?

e.g. master with CA and ldap all crashed with replication
servers but data aslo crashed...can it be use as restore using
the same hostname and rebuild the replication agreements with
others?

Hi,

yes, the doc explains how to restore in a multi-master environment:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/restore#restore-multiple-masters
<https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/restore#restore-multiple-masters>

HTH,
Flo

2018-03-01 15:19 GMT+08:00 Florence Blanc-Renaud <flo@redhat.com
<mailto:flo@redhat.com> <mailto:flo@redhat.com
<mailto:flo@redhat.com>>>:

   On 03/01/2018 12:10 AM, barrykfl--- via FreeIPA-users wrote:

   any ref. full backup.of 4.5?
   I only can found v3 . will it recover all cert ca related ? I
   tried such recover in v3 it seem it broken the
relationship of
   others agreement. or I missed the backup of some files.

   Hi,

   you can find the doc for 4.5 in
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/backup-restore
<https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/backup-restore>
<https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/backup-restore
<https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/backup-restore>>

   The full backup of a master with CA also contains the certs
and the CA.

   HTH,
   Flo

   is it possible to use very old vm image plus the
regular ldif
   backup recovery?

   2018年3月1日上午7:02 於 "Rob Crittenden"
<rcritten@redhat.com <mailto:rcritten@redhat.com>
   <mailto:rcritten@redhat.com
<mailto:rcritten@redhat.com>> <mailto:rcritten@redhat.com

<mailto:rcritten@redhat.com>

   <mailto:rcritten@redhat.com
<mailto:rcritten@redhat.com>>>> 寫道：

      barrykfl--- via FreeIPA-users wrote:
      > Hi all:
      >
      > any one has better solution of freeipa backup ?
assume
   all ldap
      db crash
      > ,all ca fail, no backup of cert ...etc but need
cleanly
   install
      one with
      > same hostname.
      >
      > and we have /usr/sbin/ipa-backup ldif backup .
      >
      > Can I use an old image but restore back ldif
such backup?
      >
      > or any better solution for clean install with
this ldif
   copy.

      If you have a full backup of a master with a CA
and have
   saved it
      off-machine and your machine dies then you can
re-install
   using the
      EXACT SAME OPTIONS.

      Then restore the backup. Then re-initialize all other
   masters (this
      should all be documented already).

      If you have only one master with a CA and it dies
and you
   have no
      backups then you are pretty much hosed at the moment.

      IPA is so much more than just an LDIF.

      _Could_ you use an LDIF to restore the data minus the
   certs? Yeah,
      probably, with a whole ton of work and expertise.
Would it
   be worth the
      trouble and would you ever fully trust that you
got it 100%
   right?

      The best solution is to maintain multiple masters
and > 1
   CA. If one
      dies then you delete it and provision a new
master. You can
   maintain the
      old name if you want.

      Or if you use VMs you can use disk snapshots to
maintain
   backups.

      rob

   _______________________________________________
   FreeIPA-users mailing list --
freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
   <mailto:freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>>
   To unsubscribe send an email to
freeipa-users-leave@lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>
   <mailto:freeipa-users-leave@lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>>

_______________________________________________
FreeIPA-users mailing list --
freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
To unsubscribe send an email to
freeipa-users-leave@lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org