Knowledgebase:
Restoring Security Database
05 March 2020 04:13 PM

Summary

When performing a Security database backup on one cluster and restoring on another cluster, there are precautionary measures to be taken. 

Details

Since MarkLogic Server version 4.1-5,  the internal user IDs are derived from the hash of the user name when the user object is created. Thus, two user objects created on two different Security databases should have the same user ID if they are created with the same name. This makes it possible to restore a Security database from one environment to another.

However, we strongly recommend checking for the below conditions before restore in order to avoid any serious damage to the Security database. 

  • Ensure that both the environments are running the same MarkLogic Server versions and are on the same Operating System.
  • Verify that no Users, Roles or Amps have been added to the new cluster, that are not also present in the original cluster. Restoration of the Security database is a complete replacement, and any intentional differences in the two clusters will be lost.   Any applications using obsolete roles might become inaccessible.

Although the user IDs are derived from the hash of the username, the id's can be different in some cases:

  • If there is already was an existing user object with that id when a new user was created (i.e. hash collision)
  • The username was changed on an existing user object.

Review all the above conditions before restoring the Security database.

Note: It is recommended that a backup of the security database from the new cluster is created and saved before performing the restore of a Security database from a different cluster.

Restoring from a different server version

When restoring the Security database from a backup made on an older version of ML server to a newer version of ML, a manual upgrade of the Security db is also required after the restore. Without this additional step, there is a mismatch between the server version and the security database version and some features will not work as expected. There will be issues with reindexing, query results,etc.

A security database upgrade can be done by navigating to Admin UI -> 'Support' tab -> click on 'Upgrade' button on the bottom right corner

Note that MarkLogic does not support restoring a backup made on a newer version of MarkLogic Server onto an older version of MarkLogic Server.

Restoring Security Database with different Certificate template content

If your AppServer is associated with Template and Security DB you intend to restore has different Template then to avoid lingering Template ID, we recommend that you detach AppServer to Template association for app servers(disabling SSL) prior to restoring security DB, please read -  Security Database restore leading to lingering Certificate Template id in Config files 

 

 

 

 

(2 vote(s))
Helpful
Not helpful

Comments (0)