├── ldap-backup
├── README.md
└── ldap-restore


/ldap-backup:
--------------------------------------------------------------------------------
#!/bin/bash
#
# title          :ldap-backup
# description    :Perform LDAP backup on Zarafa server
# author         :Alexander Jackson - Jackson IT
# date           :20141017
# version        :0.1
# usage          :ldap-backup
# notes          :Save in /usr/local/sbin/ chown: root.root chmod: 500
# bash_version   :GNU bash, Version 4.2.37(1)-release (x86_64-pc-linux-gnu)
#
# Copyright 2014, Alexander Jackson
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License at for
# more details.
#
#==============================================================================
TIMESTAMP=$(date +%Y%m%d-%H%M%S)
BACKUP_PATH=/var/backups/ldap/${TIMESTAMP}
# The dumps and archives contain password hashes: create the folder and every
# file in it without world access (the *.tgz files are not covered by chmod below)
umask 027
echo
echo "+ - - - LDAP-BACKUP ---------------------------------------------- - - - +"
echo
echo " Creating backup at ${BACKUP_PATH}"
mkdir -p "${BACKUP_PATH}"
# Database 0 is the cn=config configuration, database 1 the DIT data
/usr/bin/nice /usr/sbin/slapcat -n 0 > "${BACKUP_PATH}/config.ldif"
/usr/bin/nice /usr/sbin/slapcat -n 1 > "${BACKUP_PATH}/domain.ldif"
#/usr/bin/nice /usr/sbin/slapcat -n 2 > "${BACKUP_PATH}/access.ldif"
chmod 640 "${BACKUP_PATH}"/*.ldif
# File-level copies, intended as a last resort (not used by ldap-restore)
tar cpzf "${BACKUP_PATH}/etc_ldap.tgz" /etc/ldap >/dev/null 2>&1
tar cpzf "${BACKUP_PATH}/var_lib_ldap.tgz" /var/lib/ldap >/dev/null 2>&1
echo
echo "+ - - - CREATED FILES -------------------------------------------- - - - +"
echo
ls -ahl "${BACKUP_PATH}"
echo
echo "+ - - - INFO ----------------------------------------------------- - - - +"
echo
echo " Run ldap-restore to restore previous backups..."
echo
echo "+ - - - ----------------------------------------------------- DONE - - - +"

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
**Preface**

These scripts are currently being used to back up and restore the LDAP tree of a Zarafa server. They have been tested to work with Debian Wheezy (64bit) and OpenLDAP with OLC (cn=config) configuration.

**Copy and paste installation**

```bash
# TLS certificate verification stays enabled: these files are installed and run as root
wget https://raw.githubusercontent.com/alexanderjackson/ldap-backup-and-restore/master/ldap-backup -O /usr/local/sbin/ldap-backup
wget https://raw.githubusercontent.com/alexanderjackson/ldap-backup-and-restore/master/ldap-restore -O /usr/local/sbin/ldap-restore
chown root.root /usr/local/sbin/ldap-backup /usr/local/sbin/ldap-restore
chmod 500 /usr/local/sbin/ldap-backup /usr/local/sbin/ldap-restore
```


**Installation**

* Copy the scripts to /usr/local/sbin/
* chown root.root /usr/local/sbin/ldap-backup /usr/local/sbin/ldap-restore
* chmod 500 /usr/local/sbin/ldap-backup /usr/local/sbin/ldap-restore


**Create backup with ldap-backup**

Just run ldap-backup with root privileges.


**This will get backed up**

* LDAP config data (slapcat -n 0)
* LDAP DIT data (slapcat -n 1)
* LDAP accesslog (slapcat -n 2) - Disabled by default
* Folders: /etc/ldap and /var/lib/ldap

Backups will get saved to /var/backups/ldap/$(date +%Y%m%d-%H%M%S)


**Restore backup with ldap-restore**

Just run ldap-restore with root privileges, but make sure you have a full backup before attempting to restore. Backing up with ldap-backup might not be sufficient.


**How ldap-restore works**

* ldap-restore will show 7 existing backups to restore from. More backups might be available at /var/lib/ldap-backup-$(date +%Y%m%d-%H%M%S)...
* By default the latest backup will be preselected for restoration
* You can override the default selection by entering a different backup folder
* Accept restoration with [y] or abort with [n]
* The script will call ldap-backup before actually proceeding with the restoration
* slapd will get stopped
* The folder /etc/ldap/slapd.d will get copied to /etc/ldap/slapd.d-backup/$(date +%Y%m%d-%H%M%S)
* The folder /var/lib/ldap will get copied to /var/lib/ldap-backup/$(date +%Y%m%d-%H%M%S)
* The content of /var/lib/ldap/ will get deleted
* config.ldif and domain.ldif from backup folder will get imported with slapadd
* File ownership (openldap:openldap) on /var/lib/ldap/ and /etc/ldap/slapd.d/ will be preserved
* slapd will get started

If for whatever reason the restore attempt with ldap-restore fails, you can manually try to restore your LDAP server from the *.tgz packages within the backup folders (/var/lib/ldap-backup-$(date +%Y%m%d-%H%M%S)) created by ldap-backup. The *.tgz files are created by ldap-backup but are not used by ldap-restore. ldap-restore only tries to restore by reimporting config.ldif and domain.ldif. The *.tgz files are intended as a last resort if something goes wrong. Not sure if they really include everything for a disaster recovery. Also the folders were backed up while LDAP was actually running. Could this produce faulty backups?


**Running backups automatically**

Run as cronjob

```bash
15 0 * * * /usr/local/sbin/ldap-backup
```


**Housekeeping**

If you are running ldap-backup via cronjob, the folder /var/backups/ldap/ will just keep on filling. Therefore you should manually delete unneeded backups from time to time.

Running ldap-restore creates additional backups under /etc/ldap/slapd.d-backup/ and /var/lib/ldap-backup/.
Hopefully these folders are empty most of the time ;-)

--------------------------------------------------------------------------------
/ldap-restore:
--------------------------------------------------------------------------------
#!/bin/bash
# title          :ldap-restore
# description    :Perform LDAP restore on Zarafa server
# author         :Alexander Jackson - Jackson IT
# date           :20141017
# version        :0.1
# usage          :ldap-restore
# notes          :Save in /usr/local/sbin/ chown: root.root chmod: 500
# bash_version   :GNU bash, Version 4.2.37(1)-release (x86_64-pc-linux-gnu)
#
# Copyright 2014, Alexander Jackson
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License at for
# more details.
#
#==============================================================================
TIMESTAMP=$(date +%Y%m%d-%H%M%S)
BACKUP_PATH=/var/backups/ldap/
LATEST_BACKUP=$(ls -dt "${BACKUP_PATH}"* | head -n 1)
echo
echo "+ - - - Listing the 7 newest backup folders-------- -------------- - - - +"
echo "+ - - - (more backups might be available...) --------------------- - - - +"
echo
ls -dthl "${BACKUP_PATH}"* | head -n 7    # Matches the 7 folders announced above
echo
echo
echo "+ - - - Select the backup folder from which to restore ----------- - - - +"
echo "+ - - - (newest backup selected by default) ---------------------- - - - +"
echo
read -e -r -p "Enter: [${LATEST_BACKUP}]" BACKUP_PATH
BACKUP_PATH=${BACKUP_PATH:-$LATEST_BACKUP}
echo
echo
echo "Folder ${BACKUP_PATH} selected"
echo "for the restoring procedure."
echo
echo
echo "+ - - - Are you sure you want to continue? ----------------------- - - - +"
echo "+ - - - (you might seriously mess things up continuing) ---------- - - - +"
echo
echo
read -p "Did you make separate backups? You've been warned! Proceed? [y/n] " -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]
then
    # Double quotes, so the variable is expanded before the emptiness test
    if [ -z "${BACKUP_PATH}" ];
    then
        echo
        echo "+ - - - No backup folder provided. Aborting! --------------------- - - - +"
        echo
    else
        echo
        echo "+ - - - Creating new backup with ldap-backup script -------------- - - - +"
        echo "+ - - - (better safe than sorry ...) ----------------------------- - - - +"
        echo
        ldap-backup
        echo
        echo "+ - - - Restoring ------------------------------------------------ - - - +"
        echo
        service slapd stop ; service slapd status                          # Failing is o.k. because service is down ...
        mkdir -p /etc/ldap/slapd.d-backup/ /var/lib/ldap-backup/
        cp -a /etc/ldap/slapd.d/ /etc/ldap/slapd.d-backup/${TIMESTAMP}     # Additional backup
        cp -a /var/lib/ldap/ /var/lib/ldap-backup/${TIMESTAMP}             # Additional backup
        rm -r /etc/ldap/slapd.d/* /var/lib/ldap/*                          # Emptying folders
        slapadd -F /etc/ldap/slapd.d -n 0 -l "${BACKUP_PATH}/config.ldif"  # Import LDAP config
        slapadd -F /etc/ldap/slapd.d -n 1 -l "${BACKUP_PATH}/domain.ldif"  # Import DIT data
        # mkdir /var/lib/ldap/accesslog
        # slapadd -F /etc/ldap/slapd.d -n 2 -l "${BACKUP_PATH}/access.ldif"
        chown -R openldap:openldap /etc/ldap/slapd.d/ /var/lib/ldap/       # Fixing ownership
        service slapd start ; service slapd status                         # Starting and testing slapd
        echo
        echo "+ - - - INFO ------------------------------------------------------ - - - +"
        echo
        echo " Manual restore of /etc/ldap and /var/lib/ldap from *.tgz should"
        echo " be possible. Here the additional backup files from your"
        echo " selected backup folder ${BACKUP_PATH}:"
        echo
        ls "${BACKUP_PATH}"/*.tgz
        echo
        echo " Two additional backups have been created before the restore attempt."
        echo " You can find them at:"
        echo " 1. /etc/ldap/slapd.d-backup/${TIMESTAMP}"
        echo " 2. /var/lib/ldap-backup/${TIMESTAMP}"
        echo
        echo "+ - - - ------------------------------------------------------ DONE - - - +"
    fi
else
    echo "Aborting!"
fi

--------------------------------------------------------------------------------
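
A pre-flight check that could run on the selected folder before ldap-restore stops slapd and empties /etc/ldap/slapd.d and /var/lib/ldap. It is an added example, not part of the repository; the function name `validate_backup_dir` and the `BACKUP_ROOT` override are assumptions made for it.

```shell
#!/bin/bash
# Added example, not part of ldap-restore. validate_backup_dir and the
# BACKUP_ROOT override are hypothetical names chosen for this example.
BACKUP_ROOT=${BACKUP_ROOT:-/var/backups/ldap}

# Prints the resolved folder and returns 0 only when it is safe to import from.
validate_backup_dir() {
    local dir real root f
    dir=$1
    # 1. An empty answer must never reach the destructive steps.
    [ -n "$dir" ] || { echo "no backup folder given" >&2; return 1; }
    # 2. Must be an existing directory and not a symlink.
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "$dir: not a directory" >&2; return 2
    fi
    # 3. Resolve symlinks in parent components, then confine the result to a
    #    timestamp-named folder directly below BACKUP_ROOT.
    real=$(cd -- "$dir" && pwd -P) || return 2
    root=$(cd -- "$BACKUP_ROOT" && pwd -P) || return 3
    case $real in
        "$root"/[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) echo "$dir: not an ldap-backup folder below $root" >&2; return 3 ;;
    esac
    # 4. "slapcat > file" creates the file even when slapcat fails, so both
    #    dumps must be regular files that are not empty.
    for f in config.ldif domain.ldif; do
        if [ ! -f "$real/$f" ] || [ -L "$real/$f" ] || [ ! -s "$real/$f" ]; then
            echo "$real/$f: missing or empty" >&2; return 4
        fi
    done
    # 5. A dump of database 0 contains the cn=config root entry.
    grep -q '^dn: cn=config$' "$real/config.ldif" ||
        { echo "$real/config.ldif: no cn=config entry" >&2; return 5; }
    printf '%s\n' "$real"
}
```

The distinct return codes (1 to 5) tell a caller which check failed, so a wrapper can abort before `service slapd stop` is reached.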
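
For the housekeeping the README leaves to manual deletion, one way to prune /var/backups/ldap/ (an added example, not from the repository): it keeps the newest KEEP timestamp-named folders, ordered by name rather than by modification time, and deletes only when called with `--delete`. `list_backups`, `prune_backups` and the `BACKUP_ROOT` override are assumed names.

```shell
#!/bin/bash
# Added example, not part of the repository. Function names and the
# BACKUP_ROOT override are hypothetical.
BACKUP_ROOT=${BACKUP_ROOT:-/var/backups/ldap}

# list_backups: print the names of ldap-backup folders, oldest first.
# The %Y%m%d-%H%M%S names sort chronologically, so mtime is not trusted.
list_backups() {
    local d
    for d in "$BACKUP_ROOT"/[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9][0-9][0-9]; do
        # Skips the unexpanded pattern, plain files and symlinks.
        if [ -d "$d" ] && [ ! -L "$d" ]; then
            printf '%s\n' "${d##*/}"
        fi
    done | sort
}

# prune_backups KEEP [--delete]: print the folders beyond the newest KEEP;
# remove them only when --delete is given (dry run otherwise).
prune_backups() {
    local keep mode total excess name
    keep=$1
    mode=${2:-}
    case $keep in
        ''|*[!0-9]*|0*) echo "KEEP must be a positive integer" >&2; return 1 ;;
    esac
    total=$(list_backups | wc -l)
    excess=$((total - keep))
    [ "$excess" -gt 0 ] || return 0
    list_backups | head -n "$excess" | while IFS= read -r name; do
        printf '%s\n' "$BACKUP_ROOT/$name"
        if [ "$mode" = --delete ]; then
            # :? aborts instead of expanding to "/<name>" if the root is empty
            rm -rf -- "${BACKUP_ROOT:?}/$name"
        fi
    done
}
```

Anything in the folder that does not match the timestamp pattern is left alone, so a stray file or a hand-made copy is never removed.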