Archive Open Directory data in macOS Server
You archive and restore Open Directory data using the Server app or the command line. To archive or restore a copy of your Open Directory data using the command line, use the slapconfig command. You can archive a copy of the data while the Open Directory master is in service.
The following files are archived:
The LDAP directory database (includes password data) and configuration files
Kerberos configuration files
Keychain data needed by Open Directory
Archives are used only by Open Directory masters. If a replica develops a problem, you can remove it as a replica from the Open Directory master, set up the replica as if it were a new server, then set it up again as a replica of the same master.
Important: Carefully safeguard the archive media that contains a copy of the Open Directory password database, the Kerberos database, and the Kerberos keytab file. The archive contains sensitive information. Your security precautions for the archive media should be as stringent as those for the Open Directory master server.
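The following is an added example, not part of the original Apple article: a shell sketch that creates the archive with slapconfig inside an owner-only folder and then checks that nothing in that folder is accessible to group or others. The -backupdb option is taken from the slapconfig man page rather than from this page, and the function names, folder path, and archive name are hypothetical.

```shell
#!/bin/sh
# Added example (not Apple's code). Run as root on the Open Directory master.
# Hypothetical usage: archive_od /var/root/od-archives od-master

# Return 0 if the path has no group/other permission bits set.
# Reads the ls mode string so it works with both BSD (macOS) and GNU tools.
# ACLs and extended attributes are not inspected.
is_private() {
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Print the folder itself and every non-hidden entry in it that is
# accessible to group or others. Returns 1 if any such entry is found.
audit_archive_dir() {
    bad=0
    for p in "$1" "$1"/*; do
        [ -e "$p" ] || continue
        if ! is_private "$p"; then
            echo "exposed: $p"
            bad=1
        fi
    done
    return "$bad"
}

# Create an owner-only folder, archive into it, then audit the result.
# Runs in a subshell so the restrictive umask does not leak to the caller.
# slapconfig prompts interactively for the archive password.
archive_od() (
    dir=$1
    name=$2
    umask 077
    mkdir -p "$dir" || exit 1
    chmod 700 "$dir" || exit 1
    slapconfig -backupdb "$dir/$name" || exit 1
    audit_archive_dir "$dir"
)
```

Run audit_archive_dir again after copying the archive to other media, because copy tools and removable volumes often reset permissions.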
Archive Open Directory data using the Server app
In the Server app sidebar, select Open Directory.
Click Servers.
Click and choose Archive Open Directory Master.
In the Archive File field, enter or choose the path to the folder where you want the Open Directory data archived.
Enter a password for the archive, then click Next.
Confirm your settings, then click Archive.
Restore Open Directory data using the Server app
In the Server app sidebar, select Open Directory.
Turn Open Directory on.
Select “Restore Open Directory domain from an archive,” then click Next.
In the Archive File field, enter or choose the path to the Open Directory archive file.
Enter the password for the archive, then click Next.
Click Restore.