Ok, I tested the script on a live OD server and compared the resulting sparseimage with one that was created using the Server Admin GUI. (Using Lion Server)
Interestingly enough, I noticed that the backup file generated from the CLI (via Guru Evi's Perl script) includes a couple of extra files that were not included in the Server Admin GUI backup. In particular, the additional files appear to be related to Kerberos.
Here's a screen shot showing the difference between the two:
Most notable are KerberosKDC.plist and krb5backup.tar.gz.
I have not yet tested restoring this file, as I will need to find a Mac that I can use as a test OD server, but so far it looks like Guru Evi > Apple Support Engineers.
Thanks! If this proves true, then most of my OD nightmares are over. Why won't Apple reveal this information in the Administrator's Guide? And why would the Enterprise Support team there not share the superior CLI method of creating the OD backup??
Thanks to some help from Mike Bombich and this thread, I've put together this bash script for Open Directory backup (using opendirectorybackup), an OD backup backup (using serveradmin), and PostgreSQL backup (using pg_dumpall). This puts all the db backups in /private/var/backups, and keeps two-week-old sequential OD backups.
I don't know where I got the script from and it doesn't have any copyright information so I suppose it's public domain.
I might have written it a long time ago or someone else did, but I have been using it since at least Feb 8 2008 (the create time says so) and, if I remember correctly, it came from a flash drive from another company I worked for which had OD systems on 10.3 which I integrated into Windows NT/2000 domain controllers.
It might've been an edit from another script that does something similar; it's really a simple script. The problem with Apple Support Engineers is that you need to engage the older ones, the ones that have been around since 10.2-10.3, because back then, everything needed to be manually scripted.
Guru, thanks for the script. I'm beginning to implement it in a testing environment I'm setting up before we grow our OD setup into multiple locations.
However, what is the process of restoring from these backups, including user passwords? I'm not really clear on that.
Thanks for any help in advance.
I do not know if you can help, but I have Time Machine enabled and have backups. My Open Directory corrupted and I have been going all over the internet but I cannot see how to restore the OD from the backup. Do I have to do a full restore of the entire disk?
When I go into the Server App and turn on Open Directory it will let me go into the backup (under restore) but when I click 'continue' it opens the next branch of the directory. Once I get to file level everything is grayed out and cannot be selected.
I realize this is an old thread, but I've been researching this lately myself on Mavericks Server. For the sake of others seeing this for the first time, I wanted to point out that the OD sparseimage backup that Time Machine creates and the OD archive you can create manually from Server App's Open Directory window both contain the two Kerberos files. I looked at them both today, and the file lists are identical. I guess Apple fixed this at some point.
I am running Server App 3.2.2 on Mavericks 10.9.5.