Search This Blog

Thursday 30 July 2015

Configuring Data Protector with LDAP

I was happily following the instructions in the Installation guide when I hit a problem: the baseCtxDN that I needed to use had a space in it (OU=Acme Corp) and the Jboss interface doesn't seem to allow you to enter a value with a space in it.

The first step (on Windows) is:


jboss-cli.bat --file=ldapinit.cli

This modified C:\ProgramData\Omniback\config\server\appserver\standalone.xml . It is possible to edit this file by hand. In this case I had to log into Active Directory as the user dpuser, with a password of "Password-whatever".

I searched for the following:
  <login-module code="LdapExtended" flag="optional">

Then I added the following the lines:

<module-option name="java.naming.provider.url" value="ldap://ldap.acme.com/"/>
<module-option name="bindDN" value="cn=dpuser,OU=Users,OU=Acme Corp,DC=acme,DC=com"/>
<module-option name="bindCredential" value="Password-whatever"/>
<module-option name="rolesCtxDN" value="OU=Groups,OU=Acme Corp,DC=acme,DC=com"/>
<module-option name="baseCtxDN" value="OU=Users,OU=Acme Corp,DC=acme,DC=com"/>
<module-option name="baseFilter" value="(sAMAccountName={0})"/>

There's something wrong with the rolesCtxDN, though, as this lets me control LDAP users, but not LDAP groups. That is, if I have a line:

"" "gregb" "@LDAP_USER" * "admin"

in the UserList file, I can log in with my credentials. But if I replace that with

"" "Administrators" "@LDAP_GROUP" * "admin"

(which is what I really wanted to do), then on login I get a message about "insufficient privileges". Good enough for now, but I'll have to revisit this.

Greg Baker is an independent consultant who happens to do a lot of work on HP DataProtector. He is the author of the only published books on HP Data Protector (http://www.ifost.org.au/books/#dp). He works with HP and HP partner companies to solve the hardest big-data problems (especially around backup). See more at IFOST's DataProtector pages at http://www.ifost.org.au/dataprotector

Tuesday 28 July 2015

Backing up NFS mounted filesystems

By default, Data Protector pretends that NFS mounts don't exist. You won't see them when you browse the mounted filesystems of a client machine in the backup specification UI. If you select the whole machine for backup, NFS volumes will be ignored.

The file to control this is /opt/omni/lbin/.util.
  • For a Linux box acting as the NFS client, look at line 372. You will see the command-line options being passed to df -P listing the different types of filesystems that Data Protector is interested in. Simply add -t nfs anywhere in this.
  • For an HP-UX box, look at line 366. You will see an awk statement matching the output from mount against vxfs, hfs, lofs or hsmfs. Simply add an alternative ^nfs|.
  • For other platforms, try to find which pattern match in the case statement around those lines happens to match your operating system.
Be aware that many Unix boxes have an automounter for /net or /nfs so that any user simply changing directory into a subdirectory of them is sufficient for an NFS mount event to happen; and if you had requested a whole machine backup, then Data Protector will back all of them up to.

What would be really nice is to be able to exclude automounted directories, but include NFS mounts. I doesn't look too hard to do, but I haven't had anyone request this. Any takers?

Also, there's a very good chance that any changes you make to /opt/omni/lbin/.util will be over-written on the next patch or upgrade.


Greg Baker is an independent consultant who happens to do a lot of work on HP DataProtector. He is the author of the only published books on HP Data Protector (http://www.ifost.org.au/books/#dp). He works with HP and HP partner companies to solve the hardest big-data problems (especially around backup). See more at IFOST's DataProtector pages at http://www.ifost.org.au/dataprotector

Thursday 23 July 2015

How to make restore sessions not disappear

A client asked me today to help out with an auditing problem. They need to show to their auditors that they have demonstrated the ability to recover from a backup regularly.

But by default, Data Protector removes any restore session older than 30 days.

The magic variable is KeepObsoleteSessions and it is in /etc/opt/omni/server/options/globals (or on Windows C:\ProgramData\omniback\config\server\options\global or some variation depending on where you installed it).

I set KeepObsoleteSessions=3650, which means that they will still see their restore sessions 10 years from today.

Of course, they will also see barcode scanning sessions, backup sessions without media and various other irrelevant sessions, but they are happy with that.

Greg Baker is an independent consultant who happens to do a lot of work on HP DataProtector. He is the author of the only published books on HP Data Protector (http://www.ifost.org.au/books/#dp). He works with HP and HP partner companies to solve the hardest big-data problems (especially around backup). See more at IFOST's DataProtector pages at http://www.ifost.org.au/dataprotector

Thursday 16 July 2015

Data Protector books in PDF format for Europe; also it's now possible to buy them (anywhere) using Bitcoin

Apparently folks in Europe having been having problems buying my books through Distribly; presumably this is related to EU VAT.

As an experiment I have set up a breathtakingly ugly Shopify store for Data Protector books which should work for anyone, anywhere. It accepts Paypal (and hopefully therefore European credit cards as well). It also accepts Bitcoin -- contact me for a discount code to get 50% off while I test this capability.

The books I've put there are:

I'm not expecting anyone will be interested in the old book on Data Protector 8 (you should buy one of the v9 books instead as it will be almost entirely applicable). Also, I haven't heard of any problems for anyone wanting to buy A Better Practices Guide for Populating a CMDB in PDF from Europe, so I haven't put that on the store either. (Let me know if you need it.)

The links to buy for Kindle, on paper or through Distribly are unchanged: http://www.ifost.org.au/books

Greg Baker is an independent consultant who happens to do a lot of work on HP DataProtector. He is the author of the only published books on HP Data Protector (http://www.ifost.org.au/books/#dp). He works with HP and HP partner companies to solve the hardest big-data problems (especially around backup). See more at IFOST's DataProtector pages at http://www.ifost.org.au/dataprotector