-rwxr-xr-x | backupninja | 1 | ||||
-rw-r--r-- | changelog | 5 | ||||
-rw-r--r-- | etc/backup.d/example.ldap | 23 | ||||
-rw-r--r-- | handlers/ldap | 40 |
4 files changed, 60 insertions, 9 deletions
diff --git a/backupninja b/backupninja
index a59d400..380ffcc 100755
--- a/backupninja
+++ b/backupninja
@@ -402,6 +402,7 @@ defaultwhen=$when
 getconf logfile /var/log/backupninja.log
 getconf usecolors "yes"
 getconf SLAPCAT /usr/sbin/slapcat
+getconf LDAPSEARCH /usr/bin/ldapsearch
 getconf RDIFFBACKUP /usr/bin/rdiff-backup
 getconf MYSQL /usr/bin/mysql
 getconf MYSQLHOTCOPY /usr/bin/mysqlhotcopy
@@ -1,3 +1,8 @@
+version 0.x -- xxxxxxxxxxxxx
+ ldap handler has new options: backup method to use (ldapsearch or
+ slapcat), restart, passwordfile and binddn. Default backup method
+ is set to ldapsearch as this is safer
+
 version 0.5 -- April 12 2005
 rdiff handler works when remote sshd has a banner
 rdiff handler supports local dest
diff --git a/etc/backup.d/example.ldap b/etc/backup.d/example.ldap
index 4491d12..ab48ad1 100644
--- a/etc/backup.d/example.ldap
+++ b/etc/backup.d/example.ldap
@@ -18,3 +18,26 @@ ## compress (default yes): if set to yes, ldif exports are gzipped. # compress = yes + +## restart (default no): if set to yes, slapd is restarted before backups are +## performed, and then started again after they have finished, this is necessary +## if your backend is ldbm and your method is slapcat, but unnecessary otherwise +# restart = no + +## method (default ldapsearch): either 'ldapsearch' or 'slapcat' +## ldapsearch is the safer method to do backups, but is slow, slapcat +## is much faster, but should not be done on an ldbm backend unless you have +## restart set to yes +# method = ldapsearch + +## passwordfile (no default): this should be set to the file that contains +## your ldap password, this is required for ldapsearch and not needed for slapcat +## this file should have no newlines in it, echo -n "password" > passfile works. +## NOTE: be sure to set the permissions on your password file appropriately +## (hint: world readable is not appropriate) +# passwordfile = + +## binddn (no default): set this to the DN of the user that the ldapsearch binds +## to, not needed for slapcat +# binddn = + diff --git a/handlers/ldap b/handlers/ldap index 9ead9d1..e789519 100644 --- a/handlers/ldap +++ b/handlers/ldap @@ -7,9 +7,10 @@ getconf conf /etc/ldap/slapd.conf getconf databases all getconf compress yes getconf ldif yes -getconf hotcopy no - -# hot copy is not yet supported +getconf restart no +getconf method ldapsearch +getconf passwordfile +getconf binddn status="ok" 
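Review bot: The passwordfile comment in the etc/backup.d/example.ldap hunk suggests `echo -n "password" > passfile`, which creates the file under the current umask before the permissions hint below it is acted on, and can leave the password in shell history. The comment could tell the reader to set `umask 077` (or create the file and `chmod 600` it) before writing the password. In the restart comment, "slapd is restarted before backups are performed, and then started again" does not match the handler, which stops the server; `slapd is stopped before backups are performed` would say what happens.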
@@ -42,18 +43,39 @@ if [ "$ldif" == "yes" ]; then
 if [ "$dbsuffix" == "" ]; then
 continue;
 fi
- touch $dumpdir/$dbsuffix.ldif
- if [ ! -f $dumpdir/$dbsuffix.ldif ]; then
- fatal "Couldn't create ldif dump file: $dumpdir/$dbsuffix.ldif"
+
+ if [ "$method" == "slapcat" ]; then
+ execstr="$SLAPCAT -f $conf -b $dbsuffix"
+ if [ "$restart" == "yes" ]; then
+ debug "Shutting down ldap server..."
+ /etc/init.d/slapd stop
+ fi
+ debug "$execstr"
+ else
+ execstr="$LDAPSEARCH -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile"
+ [ -f "$passwordfile" ] || fatal "Password file $passwordfile not found"
+ if [ "$restart" == "yes" ]; then
+ debug "Shutting down ldap server..."
+ /etc/init.d/slapd stop
+ fi
+ debug "$execstr"
 fi
- execstr="$SLAPCAT -f $conf -b $dbsuffix -l $dumpdir/$dbsuffix.ldif"
- debug "$execstr"
 if [ ! $test ]; then
- output=`$execstr`
+
+ touch $dumpdir/$dbsuffix.ldif
+ if [ ! -f $dumpdir/$dbsuffix.ldif ]; then
+ fatal "Couldn't create ldif dump file: $dumpdir/$dbsuffix.ldif"
+ fi
+
+ output=`$execstr > $dumpdir/$dbsuffix.ldif`
 code=$?
 if [ "$code" == "0" ]; then
 debug $output
 info "Successfully finished ldif export of $dbsuffix"
+ if [ "$restart" == "yes" ]; then
+ debug "Starting ldap server..."
+ /etc/init.d/slapd start
+ fi
 else
 warning $output
 warning "Failed ldif export of $dbsuffix"
|
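Review bot: With `restart = yes`, slapd is stopped before the `[ ! $test ]` guard and started again only in the `code == 0` branch, so a failed export or a test run leaves the directory server down; the stop is also issued in the ldapsearch branch, where the export needs a running server. The stop belongs inside the non-test block, limited to the slapcat method, with the start issued whatever `$code` is, as sketched below. In the same block the redirect inside the backticks sends stdout to the dump file and leaves stderr uncaptured, so `$output` is always empty in the `debug`/`warning` calls; the sketch captures stderr instead. Separately, `""$binddn""` in the ldapsearch `execstr` concatenates empty strings rather than quoting, so a bind DN or suffix containing spaces is split when `$execstr` is expanded, and the dump, which may hold password hashes, is created by `touch` under the current umask. The enclosing `for` loop and outer `if` start above the hunk and the failure branch continues past it.

```shell
		if [ ! $test ]; then
			# … unchanged: touch and existence check of the dump file …
			if [ "$method" == "slapcat" ] && [ "$restart" == "yes" ]; then
				debug "Shutting down ldap server..."
				/etc/init.d/slapd stop
			fi
			# stderr is captured in $output; the dump itself goes to the file
			output=`$execstr 2>&1 > $dumpdir/$dbsuffix.ldif`
			code=$?
			if [ "$method" == "slapcat" ] && [ "$restart" == "yes" ]; then
				debug "Starting ldap server..."
				/etc/init.d/slapd start
			fi
			# … unchanged: success / failure reporting on $code …
```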