Online vs Offline Backup: Key Differences, Advantages, and Step-by-Step Implementation (with 389 Directory Server Example)

1. Why Backup Type Matters

Whether you’re running a 389 Directory Server, a database, or any mission-critical service, backup is not just “making a copy.”
The backup method directly affects:

  • Data integrity
  • System availability
  • Recovery time
  • Compliance (GDPR, ISO, audits)

This is why understanding online (hot) and offline (cold) backup approaches is essential for every system administrator.


2. What Is an Online Backup?

Definition:
An online backup is created while the system or database is running and accepting connections or writes. It allows continuous service availability during the backup process.

2.1. How It Works

  • The service (for example, dirsrv@slapd-yourinstance) remains active.
  • You use an export command or built-in utility (like db2ldif in 389 DS) without stopping the instance.
  • The server internally manages locking and data consistency.

2.2. Advantages

  • Zero downtime – users continue authenticating or accessing services.
  • Ideal for production systems.
  • Can be automated using cron jobs, Ansible, or CI/CD pipelines.

2.3. Disadvantages

  • ⚠️ More complex – data consistency depends on how the backup tool handles live writes.
  • ⚠️ Performance impact – backup processes can slightly slow down the system.
  • ⚠️ May not capture all in-flight changes if misconfigured.

2.4. Example – 389 Directory Server Online Backup

    db2ldif -Z slapd-yourinstance -n userRoot -a /backup/ldap-$(date +%F)-online.ldif

  • -Z = instance name
  • -n = database name (e.g., userRoot)
  • -a = output file (an LDIF file for recovery or migration)

This command can safely run while the server is online.

3. What Is an Offline Backup?

Definition:
An offline backup is created after stopping the service, ensuring that no files are being modified during the backup process.

3.1. How It Works

  1. Stop the service:
    systemctl stop dirsrv@slapd-yourinstance
    
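  2. Copy key directories (database, configuration, logs) into separate targets, because all three source directories share the name slapd-yourinstance and would otherwise be merged into one:
    mkdir -p /backup/varlib /backup/etc /backup/logs
    cp -a /var/lib/dirsrv/slapd-yourinstance /backup/varlib/
    cp -a /etc/dirsrv/slapd-yourinstance /backup/etc/
    cp -a /var/log/dirsrv/slapd-yourinstance /backup/logs/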
    
  3. Start the service again:
    systemctl start dirsrv@slapd-yourinstance
    

3.2. Advantages

  • Maximum data consistency – no active writes during backup.
  • Simpler – just copy files or create a compressed archive.
  • Reliable for full system restoration.

3.3. Disadvantages

  • ⚠️ Downtime required – users cannot log in or access LDAP during backup.
  • ⚠️ Needs maintenance windows (nighttime, weekends).
  • ⚠️ Not ideal for 24/7 systems.

4. Online vs Offline Backup – Comparison Table

Feature               Online Backup (Hot)           Offline Backup (Cold)
--------------------  ----------------------------  ---------------------------
Service Availability  Service stays online          Service must be stopped
Data Consistency      Good (depends on tool)        Excellent (static files)
Complexity            Higher                        Lower
Downtime              None / minimal                Yes
Recommended For       Production, critical systems  Maintenance, base snapshots
Performance Impact    Possible                      None

5. When to Use Each Backup Type

5.1. Choose Online Backup When:

  • You manage a central LDAP used by systems like Rancher, GitLab, or Dovecot.
  • Downtime is unacceptable.
  • You need frequent backups (e.g., hourly or daily LDIF exports).

5.2. Choose Offline Backup When:

  • Performing upgrades or migrations.
  • Preparing for disaster recovery.
  • You have a scheduled maintenance window.
  • You want a full copy, including configuration and schema.

6. Best Practice: Combine Both

For maximum safety and flexibility, use a hybrid strategy:

Frequency        Type                          Description
---------------  ----------------------------  --------------------------------------
Daily            Online backup (LDIF export)   Lightweight, fast, minimal impact
Weekly           Offline backup                Full consistent copy, including config
Before upgrades  Offline backup + VM snapshot  Guarantees complete rollback point

This way you can restore single LDAP entries quickly (from LDIF) or recover the entire instance if corruption occurs.


7. Step-by-Step Implementation (Example for 389 Directory Server)

7.1. Automate Online Backups with Cron

  1. Create the script /usr/local/sbin/ldap-online-backup.sh:
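    #!/bin/bash
    # Online LDIF export of one 389 DS backend, with 7-day retention.
    set -euo pipefail
    umask 077   # the export contains password hashes; keep new files owner-only

    INSTANCE="slapd-yourinstance"
    DBNAME="userRoot"
    BACKUP_DIR="/var/backups/ldap"
    mkdir -p "$BACKUP_DIR"

    FILE="${BACKUP_DIR}/ldap-${INSTANCE}-${DBNAME}-$(date +%F_%H-%M)-online.ldif"

    # Export while the server is running. With set -e, a failed export stops
    # the script here, before any older backups are pruned.
    db2ldif -Z "$INSTANCE" -n "$DBNAME" -a "$FILE"

    # Prune exports older than 7 days (only files created by this script).
    find "$BACKUP_DIR" -type f -name '*-online.ldif' -mtime +7 -delete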
    
  2. Make it executable:
    chmod +x /usr/local/sbin/ldap-online-backup.sh
    
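  3. Schedule via cron (e.g., every hour). The line below includes a user field (root), so it belongs in /etc/crontab or in a file under /etc/cron.d/, not in a per-user crontab:
    0 * * * * root /usr/local/sbin/ldap-online-backup.sh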
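
An added example (not part of the original article or the 389 DS project): checks the backup script could run on each new export before the retention step prunes older files. The function names, the dc=example,dc=com suffix and the entry threshold are assumptions, and the sample LDIF is constructed.

```shell
#!/bin/bash
# Added example: checks run on an LDIF export before it counts as a backup.

# count_entries FILE -> number of entries (lines starting "dn:" or base64 "dn::")
count_entries() { grep -c -E '^dn::? ' "$1" || true; }

# verify_ldif FILE SUFFIX MIN_ENTRIES -> 0 if the export looks complete and private
verify_ldif() {
    local file="$1" suffix="$2" min="$3" perms entries
    [ -s "$file" ] || { echo "empty or missing: $file" >&2; return 1; }
    # Exports include userPassword hashes: require no group/other permission bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "too permissive: $file" >&2; return 2; }
    # An export of the wrong backend will not contain the expected suffix entry.
    grep -q -i -x -F "dn: $suffix" "$file" || { echo "suffix entry missing" >&2; return 3; }
    # A truncated export shows up as an entry count below the expected floor.
    entries=$(count_entries "$file")
    [ "$entries" -ge "$min" ] || { echo "only $entries entries, want $min" >&2; return 4; }
}

# seal_ldif FILE -> record a SHA-256 digest in FILE.sha256 (keep a copy off-host)
seal_ldif() {
    ( cd "$(dirname "$1")" && sha256sum "$(basename "$1")" > "$(basename "$1").sha256" )
}

# check_seal FILE -> 0 only if FILE still matches the recorded digest
check_seal() {
    ( cd "$(dirname "$1")" && sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 )
}

# make_sample FILE -> write a constructed 3-entry export (not real directory data)
make_sample() {
    ( umask 077; printf '%s\n' 'version: 1' '' \
        'dn: dc=example,dc=com' 'objectClass: domain' 'dc: example' '' \
        'dn: ou=People,dc=example,dc=com' 'objectClass: organizationalUnit' '' \
        'dn: uid=alice,ou=People,dc=example,dc=com' 'objectClass: inetOrgPerson' \
        'userPassword: {SCHEME}constructed-placeholder-hash' > "$1" )
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir/sample-online.ldif"
verify_ldif "$demo_dir/sample-online.ldif" "dc=example,dc=com" 3 \
    && seal_ldif "$demo_dir/sample-online.ldif" \
    && check_seal "$demo_dir/sample-online.ldif" \
    && echo "export verified and sealed"
rm -rf "$demo_dir"
```

Running check_seal again just before a restore confirms the file is still the one that was exported.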
    

7.2. Perform a Weekly Offline Backup

  1. Stop the directory instance:
    systemctl stop dirsrv@slapd-yourinstance
    
  2. Copy key folders:
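    BACKUP_BASE=/var/backups/ldap-offline/$(date +%F)
    # Create the target subdirectories first so each copy lands in a known place
    mkdir -p "$BACKUP_BASE/etc" "$BACKUP_BASE/varlib" "$BACKUP_BASE/logs"

    cp -a /etc/dirsrv/slapd-yourinstance "$BACKUP_BASE/etc/"
    cp -a /var/lib/dirsrv/slapd-yourinstance "$BACKUP_BASE/varlib/"
    cp -a /var/log/dirsrv/slapd-yourinstance "$BACKUP_BASE/logs/"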
    
  3. Restart the service:
    systemctl start dirsrv@slapd-yourinstance
    
  4. Compress the backup:
    # Reuse the date already in BACKUP_BASE so the archive name matches the copy
    tar czf "/var/backups/ldap-offline-$(basename "$BACKUP_BASE").tar.gz" -C "$BACKUP_BASE" .
    

8. Restoration: Why Backup Type Matters

  • If you used an LDIF (online) backup → restore logically:
    ldif2db -Z slapd-yourinstance -n userRoot -i /path/to/backup.ldif
    

    Useful for restoring specific users, groups, or entries.

  • If you used an offline (file-based) backup → restore physically:
    Replace /var/lib/dirsrv/slapd-yourinstance and /etc/dirsrv/slapd-yourinstance, then restart the service.

In short:

  • Online backup = logical restore
  • Offline backup = full restore

9. Common Mistakes to Avoid

  1. 🔴 Relying on only one backup type
  2. 🔴 Never testing restore procedures
  3. 🔴 Forgetting to back up configuration files (like dse.ldif)
  4. 🔴 Keeping backups on the same server (ransomware risk)
  5. 🔴 No documentation or schedule tracking

10. FAQ – Frequently Asked Questions

1. Which backup type is safer?
Offline backups are more consistent, but online backups are more practical for continuous services.

2. Can I run online backups daily?
Yes. For example, LDIF exports in 389 DS can run every few hours with minimal overhead.

3. Can I use VM snapshots instead of offline backups?
Yes, but it’s safer to take snapshots when the service is stopped to avoid data corruption.

4. Are online/offline backups specific to 389 Directory Server?
No — the same concepts apply to databases, mail servers, and any application with live data.


11. Conclusion

  • Online backup = always-on systems, no downtime, slightly more complex.
  • Offline backup = full data integrity, but requires maintenance downtime.
  • Best approach: combine both for a resilient data protection plan.

For environments like 389 Directory Server, where authentication and identity management are critical, this hybrid backup model ensures business continuity while keeping your data safe and consistent.
