To back up an OpenAM configuration, you should both back up the physical files and export the configuration. It is also good practice to schedule a regular LDIF dump of the configuration LDAP server tree. Info to follow.
You should come up with file system path standards for your OpenAM and OpenDJ installations that include a standard for the configuration directory other than the default.
If the name of the server was “testam”, this would translate to:
Use tar to back up these files to an appropriate place.
tar -czf /data/backup/testam-server.tgz testam
Exporting an OpenAM configuration is performed using the ssoadm utility (see my post on OpenAM Tools for where to get this).
ssoadm export-svc-config -e XXXXXXXXXXXXXXXXXXXXXXXXXX -u amAdmin -f $OPENAM_HOME/config/pwd.txt -o /data/backup/openam/server-node1-cfg.xml
“-e” is the password encryption key for the subject server. See Keys in OpenAM for where to find it.
“-u” is the administrative user, usually amAdmin.
“-f” is the full path to the admin user’s password file. “$OPENAM_HOME” is an environment variable I set with my own standard “openam.env” file in the application server system user’s home directory (in my case “tomcat6”).
“-o” is the full path to the export file.
When backing up, you should substitute the actual server name for “node1” to keep your exports straight (for example, “server-testam-cfg.xml”).
Dumping the configuration LDAP server tree is performed using the ldapsearch command:
ldapsearch -h test.example.com -p 1389 -D "cn=directory manager" -w xxxxxxxx -b "dc=opensso,dc=java,dc=net" -s sub "(objectclass=*)" >/data/backup/opendj/testam-server.ldif
The ldapsearch command used is the one that ships with OpenDJ. In my builds I create a ds-app1.env file in the opendj system user’s home that can be used to automatically put this in your path when sourced.
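The three steps above combined into one function that a scheduled job could call, as an added example that is not from the original post. The function name, the environment variable names, the timestamped file names and the password-file locations are assumptions; `-j` is the OpenDJ ldapsearch bind-password-file option, used here in place of `-w`.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: AM_ENC_KEY,
# AM_PWD_FILE, DJ_HOST, DJ_PORT, DJ_PWD_FILE, BACKUP_STAMP, backup_openam.

# usage: backup_openam <server-name> <parent-of-config-dir> <backup-root>
backup_openam() {
    server=$1; cfg_parent=$2; dest=$3
    stamp=${BACKUP_STAMP:-$(date +%Y%m%d-%H%M%S)}
    tgz="$dest/$server-server-$stamp.tgz"
    xml="$dest/openam/server-$server-cfg-$stamp.xml"
    ldif="$dest/opendj/$server-server-$stamp.ldif"
    rc=0

    # The archive, the XML export and the LDIF all contain credentials or
    # key material, so everything is created readable by the owner only.
    old_umask=$(umask)
    umask 077
    mkdir -p "$dest/openam" "$dest/opendj" || { umask "$old_umask"; return 1; }

    # Each step writes to a .tmp name and is renamed only on success, so a
    # failed run never leaves a truncated file that looks like a good backup.

    # 1. Physical configuration files.
    tar -czf "$tgz.tmp" -C "$cfg_parent" "$server" \
        && mv "$tgz.tmp" "$tgz" || { rm -f "$tgz.tmp"; rc=1; }

    # 2. Service configuration export (flags as in the post).
    ssoadm export-svc-config -e "$AM_ENC_KEY" -u amAdmin \
        -f "$AM_PWD_FILE" -o "$xml.tmp" \
        && mv "$xml.tmp" "$xml" || { rm -f "$xml.tmp"; rc=1; }

    # 3. LDIF dump of the configuration tree. -j reads the bind password
    #    from a file instead of exposing it in the process list via -w.
    ldapsearch -h "$DJ_HOST" -p "$DJ_PORT" -D "cn=directory manager" \
        -j "$DJ_PWD_FILE" -b "dc=opensso,dc=java,dc=net" -s sub \
        "(objectclass=*)" > "$ldif.tmp" \
        && mv "$ldif.tmp" "$ldif" || { rm -f "$ldif.tmp"; rc=1; }

    umask "$old_umask"
    return "$rc"
}

# Run only when called as "script.sh run <server> <parent> <root>".
if [ "${1:-}" = "run" ]; then shift; backup_openam "$@"; fi
```

A non-zero return means at least one of the three outputs is missing for that timestamp, which is the condition a scheduler should alert on.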