MyTechReference - Technical Notes

by IDAMGroup

NetIQ Access Manager and IDM Backup Best Practices

Backing up NetIQ IDM and Access Manager involves several components, each discussed below:

  • eDirectory
  • IDM Driver
  • User Application
  • User Application Workflows
  • Access Manager

eDirectory Backup

Different ways to take eDirectory backup

  • eMBox
  • DSBK
  • Full directory Backup
  • If Virtual Instance: VM snapshot



The Novell® eDirectory™ Management Toolbox (eMBox) lets you access all of the eDirectory backend utilities remotely as well as on the server.

For all eDirectory Management Tools (eMTools), such as Backup, DSRepair, DSMerge, Schema Operations, and eDirectory Service Manager, to run, eMBox must be loaded and running on the eDirectory server.

Running eMBox from eDirectory

# . /opt/novell/eDirectory/bin/ndspath
wdhidm01:/etc/opt/novell # edirutil
*******************  Novell eMBox Command Line Client (1.1)  *******************
Interactive mode: interactively run eMBox commands one at a time    -i


eMBox through the command line

The eMBox Client is a command line Java client that gives you access to eMBox tools such as the eDirectory Backup eMTool. You can back up, restore, and configure roll-forward logging for multiple servers from a single machine.

You can do all sorts of things using the eMBox client, like full backup, incremental, roll-forward, cold backup, etc.

You can take a backup from any remote machine that has the eMBoxClient.jar file.

To take a backup from the eDirectory server

  • Log in to the server
login -s <server_name> -p 8009 -u admin.mytechref -w mypassword
  • Execute the backup
backup -b -f backup_filename_and_path -l backup_log_filename_and_path -u include_file_filename_and_path -t -w

To take a backup from a remote machine for unattended backups

  • Install the eMBoxClient.jar and run the command below
java -cp path/eMBoxClient.jar embox -s <server_name> -p port_number -u username.context -w password -t backup.backup -b -f backup_filename_and_path -l backup_log_filename_and_path -u include_file_filename_and_path -t -w
/opt/novell/eDirectory/lib/nds-modules/jre/bin/java -cp /opt/novell/eDirectory/lib/nds-modules/embox/eMBoxClient.jar embox -s 4444 -u admin.mytechref -w xxxx -t Mytechref -b -f /opt/bkup/eDirectory.bkup -l /opt/bkup/eDirectory.log -t -w

Backup using iManager

Select the Server object, provide the IP address of the server, and click Next to continue

Provide user credentials

Provide the backup and log file locations

If you would like to back up the files

A successful backup completion message is displayed




DSBK is a thin command line parser that performs eDirectory Backup and lets you initiate a backup from the server console without having to log in first or set up Role-Based Services.


  • -t: Takes the backup of stream files.
  • -w: Overwrites any existing backup file with same name.
  • -b: Performs a full backup.
  • -e <password>: Performs a NICI backup using the password provided.
dsbk backup -b -f<bkup_filename>.bkp -l<backup_log_filename>.log -t -w

You can turn on roll-forward logging (RFL) using the following command:

setconfig -r <roll forward log directory> -L


Full eDirectory backup

eDirectory is installed under /etc/opt/novell, /opt/novell and /var/opt/novell. Take a backup of these 3 directories:

  • /opt/bkup# tar -cvf etc-opt-novell.tar /etc/opt/novell
  • /opt/bkup# tar -cvf opt-novell.tar /opt/novell
  • /opt/bkup# tar -cvf var-opt-novell.tar /var/opt/novell
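
The three tar commands above, wrapped as an added shell example (not from the original post): it writes the archives with owner-only permissions, since these trees include the directory database and NICI key material, records SHA-256 checksums, and reads each archive back. The function names, the ROOT argument and the SHA256SUMS manifest name are assumptions of this example; it also assumes eDirectory is stopped first, because a file-level copy of a running database may not be consistent.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, the ROOT
# argument and the SHA256SUMS manifest name are assumptions of this example.

# backup_edir_trees ROOT DEST
#   ROOT: filesystem root that holds the three trees ("/" on a live server)
#   DEST: directory that receives the archives, e.g. /opt/bkup/20240101
# The body runs in a subshell so the umask change does not leak to the caller.
backup_edir_trees() (
    root=$1
    dest=$2
    [ -n "$root" ] && [ -n "$dest" ] || { echo "usage: backup_edir_trees ROOT DEST" >&2; exit 2; }

    umask 077                      # archives contain the DIB and NICI keys: owner-only
    mkdir -p "$dest" && chmod 700 "$dest" || exit 1

    for tree in etc/opt/novell opt/novell var/opt/novell; do
        [ -d "$root/$tree" ] || { echo "missing tree: $root/$tree" >&2; exit 1; }
        archive="$dest/$(echo "$tree" | tr / -).tar"   # etc-opt-novell.tar, ...
        tar -cf "$archive" -C "$root" "$tree" || exit 1
        tar -tf "$archive" >/dev/null || exit 1        # archive must read back
    done

    # Checksum manifest so a later restore can detect a damaged or altered archive.
    cd "$dest" && sha256sum ./*.tar > SHA256SUMS
)

# verify_edir_backup DEST: succeeds only if every archive still matches the manifest.
verify_edir_backup() (
    cd "$1" && sha256sum -c SHA256SUMS >/dev/null 2>&1
)
```

On a live server this would be called as `backup_edir_trees / /opt/bkup/<date>`, and `verify_edir_backup` run again before any restore.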

eDirectory backup using VM Snapshot

Take a VM snapshot of your eDirectory VM server instance.


User Application backup

It is always good practice to take a backup of the entire directory before making any changes to the IDM.war files.

tar -cvf  /opt/bkup/opt-novell-idm-jboss.tar /opt/novell/idm/jboss

Make sure to take a backup of the database if it resides on a different server.


Take a backup of the User Application VM instance.


User Application Workflow backup

The User Application workflows can be backed up separately. The step above backs up the entire User Application, whereas if you want to restore only a specific workflow, this would be the better way.

Designer is the easiest and simplest way to back up the workflow.


IDM Driver backup

An IDM driver backup can be taken in two ways:

  • Designer
  • iManager


Using Designer

Open the project and make sure you have imported the latest updates from eDirectory.

Right-click on the driver -> Export to configuration file and save it as an XML file.

Using iManager

iManager -> Identity Manager Overview



Select the driver you want to back up. Example: ADDriver



Click on the Export button

Click Next

Leave the default option and click Next

Click the Save As button to export the configuration file


Novell Access Manager Backup

Novell Access Manager configuration is stored in the embedded eDirectory in the Admin Console, so taking a backup of the Admin Console configuration store should be sufficient to restore.

ADM1:/opt/novell/devman/bin # ./
          N o v e l l   A c c e s s   M a n a g e r
   C o n f i g u r a t i o n   B a c k u p   U t i l i t y

Enter the Access Manager Administration password []:
Re-enter the password for verification []:
Enter the path where backup files should be stored [/root/nambkup]:
The directoy /root/nambkup is invalid or does not exist.
Should an attempt be made to create the directory(y/n)? y
--- Enter a password for encrypting/decrypting the data
--- NOTE: You must use the same password for both backup and restore.
--- Private key encryption password []:
--- Re-enter the password for verification []:

Backing up configuration...
Backing up certificates...
  adding: securnam_20140528_1437.ldif (deflated 24%)
  adding: delegatedusers_list (stored 0%)
  adding: policyviewusers_list (stored 0%)
  adding: devman.cacerts (deflated 22%)
  adding: devman.keystore (deflated 24%)
  adding: .keystore (deflated 24%)
  adding: nam.keystore (deflated 40%)
  adding: backup_info (deflated 5%)
  adding: server.xml (deflated 64%)

Backup Complete
Backup file:
  Configuration and Certificate information:   /root/nambkup/

-rw-r--r-- 1 root root 1819652 May 28 14:37 /root/nambkup/
Log file for this backup is /var/log/nidp_backup_20140528_1437.log

Note: For security reasons, users in the trusted/config store are not backed up. Admin will have to recreate them while restoring. For details, go through the documentation.

ADM1:/opt/novell/devman/bin #

The backup file will be stored in this location: /root/nambkup/

If anything happens to the Access Gateway or Identity Server, you can use ./ to restore the last backed-up configuration.


Disclaimer: Content posted here worked for me and may not guarantee success, should be used as reference only and please use it cautiously.