By William Sescu

It can happen that someone accidentally drops an OUD entry in your replicated environment and, of course, the entry is then deleted on all replicas as well. On top of that, you have no logical LDIF export of your OUD. Not a good situation, but if you have taken regular backups, there is a way out without resetting the whole OUD environment to an old timestamp.

The idea is to create a second, empty OUD instance, restore only the context that is needed, export the entry as LDIF, and import it into your current replicated OUD.

Let’s suppose, we have lost the following OUD entry:

Distinguished Name: cn=dbit122_ldap,cn=OracleContext,dc=william,dc=dbi,dc=com

To recover it, follow these steps:

  1. Create new OUD instance
  2. Create suffix
  3. Stop OUD instance asinst_2
  4. Restore the correct dc
  5. Start OUD instance asinst_2
  6. Export entry from asinst_2
  7. Import entry into asinst_1
  8. Cleanup asinst_2

1. Create new OUD instance

[dbafmw@dbidg01 ~]$ cd /u01/app/oracle/product/Middleware/11.1.2.3/Oracle_OUD1
[dbafmw@dbidg01 Oracle_OUD1]$
[dbafmw@dbidg01 Oracle_OUD1]$ ./oud-setup --cli --baseDN dc=dbi,dc=com --addBaseEntry --adminConnectorPort 5444 --ldapPort 2389 \
> --rootUserDN "cn=Directory Manager" --rootUserPasswordFile ~/.oudpwd \
> --ldapsPort 2636 --generateSelfSignedCertificate \
> --hostname dbidg01 --integration generic \
> --serverTuning "-Xms2048m -Xmx2048m -d64 -XX:+UseCompressedOops -server -XX:MaxTenuringThreshold=1 -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=55" \
> --offlineToolsTuning "-Xms2048m -Xmx2048m -d64 -XX:+UseCompressedOops -server -XX:+UseParallelGC -XX:+UseNUMA" \
> --no-prompt --noPropertiesFile
OUD Instance location successfully created - /u01/app/oracle/product/Middleware/11.1.2.3/Oracle_OUD1/../asinst_2"

Oracle Unified Directory 11.1.2.3.170718
Please wait while the setup program initializes...

See /u01/app/oracle/product/Middleware/11.1.2.3/asinst_2/OUD/logs/oud-setup
for a detailed log of this operation.

Configuring Directory Server ..... Done.
Configuring Certificates ..... Done.
Creating Base Entry dc=dbi,dc=com ..... Done.
Preparing the server for Oracle integration ....... Done.
Starting Directory Server ....... Done.
Creating Net Services suffixes ..... Done.

To see basic server configuration status and configuration you can launch
/u01/app/oracle/product/Middleware/11.1.2.3/asinst_2/OUD/bin/status


The new OUD instance was started automatically.


[dbafmw@dbidg01 bin]$ /u01/app/oracle/product/Middleware/11.1.2.3/asinst_2/OUD/bin/status


>>>> Specify Oracle Unified Directory LDAP connection parameters

Administrator user bind DN [cn=Directory Manager]:

Password for user 'cn=Directory Manager':

          --- Server Status ---
Server Run Status:        Started
Open Connections:         1

          --- Server Details ---
Host Name:                dbidg01
Administrative Users:     cn=Directory Manager
Installation Path:
/u01/app/oracle/product/Middleware/11.1.2.3/Oracle_OUD1
Instance Path:
/u01/app/oracle/product/Middleware/11.1.2.3/asinst_2/OUD
Version:                  Oracle Unified Directory 11.1.2.3.170718
Java Version:             1.7.0_151
Administration Connector: Port 5444 (LDAPS)

          --- Connection Handlers ---
Address:Port : Protocol : State
-------------:----------:---------
--           : LDIF     : Disabled
0.0.0.0:161  : SNMP     : Disabled
0.0.0.0:1689 : JMX      : Disabled
0.0.0.0:2389 : LDAP     : Enabled
0.0.0.0:2636 : LDAPS    : Enabled

          --- Data Sources ---
Base DN:     cn=OracleContext
Backend ID:  OIDCompatibility
Entries:     26
Replication: Disabled

Base DN:     cn=OracleContext,dc=dbi,dc=com
Backend ID:  OracleContext0
Entries:     17
Replication: Disabled

Base DN:     cn=OracleSchemaVersion
Backend ID:  OIDCompatibility
Entries:     3
Replication: Disabled

Base DN:     cn=virtual acis
Backend ID:  virtualAcis
Entries:     0
Replication: Disabled

Base DN:     dc=dbi,dc=com
Backend ID:  userRoot
Entries:     1
Replication: Disabled

[dbafmw@dbidg01 bin]$

2. Create suffix

[dbafmw@dbidg01 bin]$ pwd
/u01/app/oracle/product/Middleware/11.1.2.3/asinst_2/OUD/bin

[dbafmw@dbidg01 bin]$ ./manage-suffix create --baseDN "dc=william,dc=dbi,dc=com" \
> --entries base-entry --integration Generic \
> --hostname localhost --port 5444 \
> --bindDN cn="Directory Manager" --bindPasswordFile ~/.oudpwd \
> --trustAll --no-prompt
Reading Configuration ..... Done.

Creating suffixes ..... Done.

Adding Data ..... Done.

Updating Oracle Integration ..... Done.
[dbafmw@dbidg01 bin]$

3. Stop OUD instance asinst_2

[dbafmw@dbidg01 bin]$ pwd
/u01/app/oracle/product/Middleware/11.1.2.3/asinst_2/OUD/bin
[dbafmw@dbidg01 bin]$ ./stop-ds
Stopping Server...

[10/Aug/2017:11:10:34 +0200] category=BACKEND severity=NOTICE msgID=9896306 msg=The backend cn=OIDCompatibility,cn=Workflow Elements,cn=config is now taken offline
[10/Aug/2017:11:10:34 +0200] category=BACKEND severity=NOTICE msgID=9896306 msg=The backend cn=OracleContext for dc=william,dc=dbi,dc=com,cn=Workflow elements,cn=config is now taken offline
[10/Aug/2017:11:10:35 +0200] category=BACKEND severity=NOTICE msgID=9896306 msg=The backend cn=OracleContext0,cn=Workflow elements,cn=config is now taken offline
[10/Aug/2017:11:10:35 +0200] category=BACKEND severity=NOTICE msgID=9896306 msg=The backend cn=userRoot,cn=Workflow Elements,cn=config is now taken offline
[10/Aug/2017:11:10:35 +0200] category=BACKEND severity=NOTICE msgID=9896306 msg=The backend cn=userRoot-0,cn=Workflow elements,cn=config is now taken offline
[10/Aug/2017:11:10:35 +0200] category=BACKEND severity=NOTICE msgID=9896306 msg=The backend cn=virtualAcis,cn=Workflow Elements,cn=config is now taken offline
[10/Aug/2017:11:10:35 +0200] category=CORE severity=NOTICE msgID=458955 msg=The Directory Server is now stopped

4. Restore the correct dc

[dbafmw@dbidg01 bin]$ pwd
/u01/app/oracle/product/Middleware/11.1.2.3/asinst_2/OUD/bin
[dbafmw@dbidg01 bin]$ ./restore --listBackups --backupDirectory="/u99/backup/OUD/20170810/OracleContext for dc=william,dc=dbi,dc=com"
Backup ID:          20170810085118Z
Backup Date:        10/Aug/2017:10:51:18 +0200
Is Incremental:     false
Is Compressed:      true
Is Encrypted:       false
Has Unsigned Hash:  false
Has Signed Hash:    false
Dependent Upon:     none

[dbafmw@dbidg01 bin]$ ./restore --dry-run --backupDirectory="/u99/backup/OUD/20170810/OracleContext for dc=william,dc=dbi,dc=com"
[10/Aug/2017:11:19:47 +0200] category=JEB severity=NOTICE msgID=8847444 msg=Verifying: 00000000.jdb

[dbafmw@dbidg01 bin]$ ./restore  --backupDirectory="/u99/backup/OUD/20170810/OracleContext for dc=william,dc=dbi,dc=com"
[10/Aug/2017:11:20:11 +0200] category=JEB severity=NOTICE msgID=8847445 msg=Restored: 00000000.jdb (size 114414)

5. Start OUD instance asinst_2

[dbafmw@dbidg01 bin]$ pwd
/u01/app/oracle/product/Middleware/11.1.2.3/asinst_2/OUD/bin
[dbafmw@dbidg01 bin]$ ./start-ds
[10/Aug/2017:11:20:30 +0200] category=CORE severity=INFORMATION msgID=132 msg=The Directory Server is beginning the configuration bootstrapping process
[10/Aug/2017:11:20:31 +0200] category=CORE severity=NOTICE msgID=458886 msg=Oracle Unified Directory 11.1.2.3.170718 (build 20170621135318Z, R1706210545) starting up
[10/Aug/2017:11:20:34 +0200] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381717 msg=Installation Directory:  /u01/app/oracle/product/Middleware/11.1.2.3/Oracle_OUD1
[10/Aug/2017:11:20:34 +0200] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381719 msg=Instance Directory:      /u01/app/oracle/product/Middleware/11.1.2.3/asinst_2/OUD
[10/Aug/2017:11:20:34 +0200] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381713 msg=JVM Information: 1.7.0_151-b15 by Oracle Corporation, 64-bit architecture, 2130051072 bytes heap size
[10/Aug/2017:11:20:34 +0200] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381714 msg=JVM Host: dbidg01, running Linux 4.1.12-94.5.7.el7uek.x86_64 amd64, 5986422784 bytes physical memory size, number of processors available 2
[10/Aug/2017:11:20:34 +0200] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381715 msg=JVM Arguments: "-Xms2048m", "-Xmx2048m", "-XX:+UseCompressedOops", "-XX:MaxTenuringThreshold=1", "-XX:+UseConcMarkSweepGC", "-XX:CMSInitiatingOccupancyFraction=55", "-Dorg.opends.server.scriptName=start-ds"
[10/Aug/2017:11:20:34 +0200] category=ACCESS_CONTROL severity=INFORMATION msgID=12582978 msg=Added 11 Global Access Control Instruction (ACI) attribute types to the access control evaluation engine
[10/Aug/2017:11:20:34 +0200] category=BACKEND severity=INFORMATION msgID=9437595 msg=Local DB backend OracleContext0 does not specify the number of lock tables: defaulting to 97
[10/Aug/2017:11:20:34 +0200] category=BACKEND severity=INFORMATION msgID=9437594 msg=Local DB backend OracleContext0 does not specify the number of cleaner threads: defaulting to 24 threads
[10/Aug/2017:11:20:34 +0200] category=BACKEND severity=INFORMATION msgID=9437615 msg=Local DB backend OracleContext0 does not specify the percentage of the heap space to allocate to the database cache: defaulting to 35 percent
[10/Aug/2017:11:20:34 +0200] category=BACKEND severity=INFORMATION msgID=9437613 msg=Local DB backend OracleContext0 does not specify the size of the file handle cache: sizing automatically to use 100 file descriptors
[10/Aug/2017:11:20:35 +0200] category=JEB severity=NOTICE msgID=8847402 msg=The database backend cn=OracleContext0,cn=Workflow elements,cn=config containing 17 entries has started
[10/Aug/2017:11:20:35 +0200] category=ACCESS_CONTROL severity=INFORMATION msgID=12582962 msg=Added 5 Access Control Instruction (ACI) attribute types found in context "cn=OracleContext,dc=dbi,dc=com" to the access control evaluation engine
[10/Aug/2017:11:20:35 +0200] category=BACKEND severity=INFORMATION msgID=9437595 msg=Local DB backend virtualAcis does not specify the number of lock tables: defaulting to 97
[10/Aug/2017:11:20:35 +0200] category=JEB severity=NOTICE msgID=8847402 msg=The database backend cn=virtualAcis,cn=Workflow Elements,cn=config containing 0 entries has started
[10/Aug/2017:11:20:35 +0200] category=BACKEND severity=INFORMATION msgID=9437595 msg=Local DB backend userRoot-0 does not specify the number of lock tables: defaulting to 97
[10/Aug/2017:11:20:35 +0200] category=BACKEND severity=INFORMATION msgID=9437594 msg=Local DB backend userRoot-0 does not specify the number of cleaner threads: defaulting to 24 threads
[10/Aug/2017:11:20:35 +0200] category=BACKEND severity=INFORMATION msgID=9437615 msg=Local DB backend userRoot-0 does not specify the percentage of the heap space to allocate to the database cache: defaulting to 35 percent
[10/Aug/2017:11:20:35 +0200] category=BACKEND severity=INFORMATION msgID=9437613 msg=Local DB backend userRoot-0 does not specify the size of the file handle cache: sizing automatically to use 100 file descriptors
[10/Aug/2017:11:20:35 +0200] category=JEB severity=NOTICE msgID=8847402 msg=The database backend cn=userRoot-0,cn=Workflow elements,cn=config containing 1 entries has started
[10/Aug/2017:11:20:35 +0200] category=BACKEND severity=INFORMATION msgID=9437595 msg=Local DB backend OracleContext for dc=william,dc=dbi,dc=com does not specify the number of lock tables: defaulting to 97
[10/Aug/2017:11:20:35 +0200] category=BACKEND severity=INFORMATION msgID=9437594 msg=Local DB backend OracleContext for dc=william,dc=dbi,dc=com does not specify the number of cleaner threads: defaulting to 24 threads
[10/Aug/2017:11:20:35 +0200] category=BACKEND severity=INFORMATION msgID=9437615 msg=Local DB backend OracleContext for dc=william,dc=dbi,dc=com does not specify the percentage of the heap space to allocate to the database cache: defaulting to 35 percent
[10/Aug/2017:11:20:35 +0200] category=BACKEND severity=INFORMATION msgID=9437613 msg=Local DB backend OracleContext for dc=william,dc=dbi,dc=com does not specify the size of the file handle cache: sizing automatically to use 100 file descriptors
[10/Aug/2017:11:20:35 +0200] category=JEB severity=NOTICE msgID=8847402 msg=The database backend cn=OracleContext for dc=william,dc=dbi,dc=com,cn=Workflow elements,cn=config containing 18 entries has started
[10/Aug/2017:11:20:35 +0200] category=ACCESS_CONTROL severity=INFORMATION msgID=12582962 msg=Added 5 Access Control Instruction (ACI) attribute types found in context "cn=OracleContext,dc=william,dc=dbi,dc=com" to the access control evaluation engine
[10/Aug/2017:11:20:35 +0200] category=BACKEND severity=INFORMATION msgID=9437595 msg=Local DB backend userRoot does not specify the number of lock tables: defaulting to 97
[10/Aug/2017:11:20:35 +0200] category=BACKEND severity=INFORMATION msgID=9437594 msg=Local DB backend userRoot does not specify the number of cleaner threads: defaulting to 24 threads
[10/Aug/2017:11:20:35 +0200] category=BACKEND severity=INFORMATION msgID=9437615 msg=Local DB backend userRoot does not specify the percentage of the heap space to allocate to the database cache: defaulting to 35 percent
[10/Aug/2017:11:20:35 +0200] category=BACKEND severity=INFORMATION msgID=9437613 msg=Local DB backend userRoot does not specify the size of the file handle cache: sizing automatically to use 100 file descriptors
[10/Aug/2017:11:20:35 +0200] category=JEB severity=NOTICE msgID=8847402 msg=The database backend cn=userRoot,cn=Workflow Elements,cn=config containing 1 entries has started
[10/Aug/2017:11:20:36 +0200] category=BACKEND severity=INFORMATION msgID=9437595 msg=Local DB backend OIDCompatibility does not specify the number of lock tables: defaulting to 97
[10/Aug/2017:11:20:36 +0200] category=BACKEND severity=INFORMATION msgID=9437594 msg=Local DB backend OIDCompatibility does not specify the number of cleaner threads: defaulting to 24 threads
[10/Aug/2017:11:20:36 +0200] category=BACKEND severity=INFORMATION msgID=9437615 msg=Local DB backend OIDCompatibility does not specify the percentage of the heap space to allocate to the database cache: defaulting to 35 percent
[10/Aug/2017:11:20:36 +0200] category=BACKEND severity=INFORMATION msgID=9437613 msg=Local DB backend OIDCompatibility does not specify the size of the file handle cache: sizing automatically to use 100 file descriptors
[10/Aug/2017:11:20:36 +0200] category=JEB severity=NOTICE msgID=8847402 msg=The database backend cn=OIDCompatibility,cn=Workflow Elements,cn=config containing 29 entries has started
[10/Aug/2017:11:20:36 +0200] category=ACCESS_CONTROL severity=INFORMATION msgID=12582962 msg=Added 10 Access Control Instruction (ACI) attribute types found in context "cn=OracleContext" to the access control evaluation engine
[10/Aug/2017:11:20:36 +0200] category=ACCESS_CONTROL severity=INFORMATION msgID=12582962 msg=Added 1 Access Control Instruction (ACI) attribute types found in context "cn=OracleSchemaVersion" to the access control evaluation engine
[10/Aug/2017:11:20:36 +0200] category=EXTENSIONS severity=INFORMATION msgID=1048797 msg=DIGEST-MD5 SASL mechanism using a server fully qualified domain name of: dbidg01
[10/Aug/2017:11:20:36 +0200] category=CORE severity=INFORMATION msgID=731 msg=LDAP Connection Handler 0.0.0.0 port 2389 does not specify the number of request handler threads: sizing automatically to use 8 threads
[10/Aug/2017:11:20:36 +0200] category=CORE severity=INFORMATION msgID=731 msg=LDAP Connection Handler 0.0.0.0 port 2636 does not specify the number of request handler threads: sizing automatically to use 8 threads
[10/Aug/2017:11:20:36 +0200] category=CORE severity=INFORMATION msgID=720 msg=No worker queue thread pool size specified: sizing automatically to use 24 threads
[10/Aug/2017:11:20:36 +0200] category=PROTOCOL severity=NOTICE msgID=2556180 msg=Started listening for new connections on Administration Connector 0.0.0.0 port 5444
[10/Aug/2017:11:20:36 +0200] category=PROTOCOL severity=NOTICE msgID=2556180 msg=Started listening for new connections on LDAP Connection Handler 0.0.0.0 port 2389
[10/Aug/2017:11:20:36 +0200] category=PROTOCOL severity=NOTICE msgID=2556180 msg=Started listening for new connections on LDAP Connection Handler 0.0.0.0 port 2636
[10/Aug/2017:11:20:36 +0200] category=CORE severity=NOTICE msgID=458887 msg=The Directory Server has started successfully
[10/Aug/2017:11:20:36 +0200] category=CORE severity=NOTICE msgID=458891 msg=The Directory Server has sent an alert notification generated by class org.opends.server.core.DirectoryServer (alert type org.opends.server.DirectoryServerStarted, alert ID 458887):  The Directory Server has started successfully

6. Export entry from asinst_2

Now let’s check if we got our entry “cn=dbit122_ldap,cn=OracleContext,dc=william,dc=dbi,dc=com” back.

[dbafmw@dbidg01 bin]$ ./ldapsearch --hostname localhost --port 2389 --bindDN "cn=Directory Manager" \
> --bindPasswordFile ~/.oudpwd --baseDN "cn=OracleContext,dc=william,dc=dbi,dc=com" "(cn=dbit122_ldap)" objectclass orclNetDescString orclNetDescName orclVersion
dn: cn=dbit122_ldap,cn=OracleContext,dc=william,dc=dbi,dc=com
orclNetDescName: 000_cn=DESCRIPTION_0
orclNetDescString: (DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=dbidg
 01)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=dbidg02)(PORT=1521)))(CONNECT_DATA=
 (SERVICE_NAME=DBIT122_PRI)))
objectclass: orclNetService
objectclass: top

Looks good, so we can create the ldif now.

[dbafmw@dbidg01 bin]$ ./ldapsearch --hostname localhost --port 2389 --bindDN "cn=Directory Manager" --bindPasswordFile \
> ~/.oudpwd --baseDN "cn=OracleContext,dc=william,dc=dbi,dc=com" "(cn=dbit122_ldap)" objectclass \
> orclNetDescString orclNetDescName orclVersion > /tmp/dbit122.ldif

[dbafmw@dbidg01 bin]$ cat /tmp/dbit122.ldif
dn: cn=dbit122_ldap,cn=OracleContext,dc=william,dc=dbi,dc=com
orclNetDescName: 000_cn=DESCRIPTION_0
orclNetDescString: (DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=dbidg
 01)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=dbidg02)(PORT=1521)))(CONNECT_DATA=
 (SERVICE_NAME=DBIT122_PRI)))
objectclass: orclNetService
objectclass: top

7. Import the entry into asinst_1 (this is the replicated OUD environment)

[dbafmw@dbidg01 bin]$ pwd
/u01/app/oracle/product/Middleware/11.1.2.3/asinst_1/OUD/bin

[dbafmw@dbidg01 bin]$ ./ldapmodify --defaultAdd --filename /tmp/dbit122.ldif --hostname dbidg01 --port 1389 \
> --bindDN "cn=Directory Manager" --bindPasswordFile ~/.oudpwd
Processing ADD request for cn=dbit122_ldap,cn=OracleContext,dc=william,dc=dbi,dc=com
ADD operation successful for DN cn=dbit122_ldap,cn=OracleContext,dc=william,dc=dbi,dc=com

8. Cleanup asinst_2

[dbafmw@dbidg01 OUD]$ pwd
/u01/app/oracle/product/Middleware/11.1.2.3/asinst_2/OUD
[dbafmw@dbidg01 OUD]$ ./uninstall --cli --remove-all

The server is currently running and must be stopped before uninstallation can
continue.
Stop the Server and permanently delete the files? (yes / no) [yes]: yes

Stopping Directory Server ..... Done.
Deleting Files under the Installation Path ..... Done.

Uninstall Completed Successfully.
See /tmp/oud-uninstall-4049143346007549356.log for a detailed log of this operation.
[dbafmw@dbidg01 OUD]$

Done. We got our entry back and even cleaned up the leftovers from the temporary OUD instance asinst_2.
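Between the export in step 6 and the import in step 7, it is worth checking that the LDIF holds exactly the one entry you mean to add to the replicated topology. The following script is an added example, not part of the original post: it unfolds the LDIF continuation lines, verifies entry count, DN and objectclass, and uses a private temporary file. The function names and the embedded sample are assumptions constructed from the output shown above.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check an exported LDIF
# before it is imported into the replicated instance with ldapmodify.

# Unfold LDIF continuation lines: per RFC 2849 a line that starts with a
# single space continues the previous line.
ldif_unfold() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { if (NR > 0) print buf }' "$1"
}

# Number of entries in the file (one "dn:" line per entry).
ldif_entry_count() {
    ldif_unfold "$1" | grep -ci '^dn:' || true
}

# Unfolded value(s) of one attribute, e.g. orclNetDescString.
ldif_attr() {
    ldif_unfold "$1" | awk -v a="$2" '
        BEGIN { a = tolower(a) ": " }
        tolower(substr($0, 1, length(a))) == a { print substr($0, length(a) + 1) }'
}

# Succeed only if the file holds exactly one entry with the expected DN and
# objectclass. DNs are compared case-insensitively as plain strings (a
# simplification); base64-encoded "dn::" values are rejected.
ldif_verify_entry() {
    [ "$(ldif_entry_count "$1")" -eq 1 ] || { echo "need exactly one entry" >&2; return 1; }
    got=$(ldif_attr "$1" dn | tr 'A-Z' 'a-z')
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ "$got" = "$want" ] || { echo "unexpected DN: $got" >&2; return 1; }
    ldif_attr "$1" objectclass | grep -qixF "$3" || { echo "missing objectclass $3" >&2; return 1; }
}

# Constructed sample mirroring the export shown in step 6, written to a
# private temporary file (umask 077 + mktemp) instead of a fixed /tmp path.
umask 077
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
dn: cn=dbit122_ldap,cn=OracleContext,dc=william,dc=dbi,dc=com
orclNetDescName: 000_cn=DESCRIPTION_0
orclNetDescString: (DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=dbidg
 01)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=dbidg02)(PORT=1521)))(CONNECT_DATA=
 (SERVICE_NAME=DBIT122_PRI)))
objectclass: orclNetService
objectclass: top
EOF

EXPECTED_DN='cn=dbit122_ldap,cn=OracleContext,dc=william,dc=dbi,dc=com'
if ldif_verify_entry "$SAMPLE" "$EXPECTED_DN" orclNetService; then
    echo "LDIF OK: $(ldif_attr "$SAMPLE" orclNetDescString)"
fi
```

To use it on the real export, call ldif_verify_entry with the path of the file written in step 6 and run the ldapmodify from step 7 only if it succeeds.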

Conclusion

Losing entries from your replicated OUD environment is not the end of the world. If you have good backups, you can create a new OUD instance at any time and recover only the context that you need.