Restoring Security Database
05 March 2020 04:13 PM
When performing a Security database backup on one cluster and restoring on another cluster, there are precautionary measures to be taken.
Since MarkLogic Server version 4.1-5, the internal user IDs are derived from the hash of the user name when the user object is created. Thus, two user objects created on two different Security databases should have the same user ID if they are created with the same name. This makes it possible to restore a Security database from one environment to another.
However, we strongly recommend checking for the below conditions before restore in order to avoid any serious damage to the Security database.
Although the user IDs are derived from the hash of the username, the id's can be different in some cases:
Review all the above conditions before restoring the Security database.
Note: It is recommended that a backup of the security database from the new cluster is created and saved before performing the restore of a Security database from a different cluster.
Restoring from a different server version
When restoring the Security database from a backup made on an older version of ML server to a newer version of ML, a manual upgrade of the Security db is also required after the restore. Without this additional step, there is a mismatch between the server version and the security database version and some features will not work as expected. There will be issues with reindexing, query results,etc.
A security database upgrade can be done by navigating to Admin UI -> 'Support' tab -> click on 'Upgrade' button on the bottom right corner
Note that MarkLogic does not support restoring a backup made on a newer version of MarkLogic Server onto an older version of MarkLogic Server.
Restoring Security Database with different Certificate template content
If your AppServer is associated with Template and Security DB you intend to restore has different Template then to avoid lingering Template ID, we recommend that you detach AppServer to Template association for app servers(disabling SSL) prior to restoring security DB, please read - Security Database restore leading to lingering Certificate Template id in Config files