
1.12. Backup and Restore


Now that we have LDAP running just the way we want, it is time to ensure we can save all of our work and restore it as needed.


What we need is a way to back up the LDAP database(s), specifically the backend (cn=config) and frontend (dc=example,dc=com). If we are going to back up those databases into, say, /export/backup, we could use slapcat as shown in the following script, called /usr/local/bin/ldapbackup:


#!/bin/bash

BACKUP_PATH=/export/backup
SLAPCAT=/usr/sbin/slapcat

# Database 0 is the backend (cn=config), 1 the frontend (dc=example,dc=com),
# 2 the access log database.
nice ${SLAPCAT} -n 0 > ${BACKUP_PATH}/config.ldif
nice ${SLAPCAT} -n 1 > ${BACKUP_PATH}/example.com.ldif
nice ${SLAPCAT} -n 2 > ${BACKUP_PATH}/access.ldif
chmod 640 ${BACKUP_PATH}/*.ldif


These files are uncompressed text files containing everything in your LDAP databases including the tree layout, usernames, and every password. So, you might want to consider making /export/backup an encrypted partition and even having the script encrypt those files as it creates them.

Ideally you should do both, but that depends on your security requirements.
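One way to have the script encrypt the files as it creates them, shown as an added example that is not part of the original guide. It assumes GnuPG is installed and that the public key named in RECIPIENT (a hypothetical address) is already imported and trusted in root's keyring; the .ldif.gpg file names and the function names are also assumptions.

```shell
#!/bin/sh
# Added example: encrypted variant of /usr/local/bin/ldapbackup.
BACKUP_PATH=${BACKUP_PATH:-/export/backup}
SLAPCAT=${SLAPCAT:-/usr/sbin/slapcat}
GPG=${GPG:-/usr/bin/gpg}
RECIPIENT=${RECIPIENT:-ldap-backup@example.com}   # hypothetical key; use your own

# dump_encrypted DB_NUMBER NAME
# Streams slapcat straight into gpg so plaintext LDIF never reaches the disk,
# and replaces the previous backup only when the whole pipeline succeeded.
dump_encrypted() (
    umask 077                                # 0600 from the moment of creation
    out="${BACKUP_PATH}/$2.ldif.gpg"
    tmp=$(mktemp "${out}.XXXXXX") || exit 1
    trap 'rm -f "$tmp" "$tmp.failed"' EXIT   # never leave partial files behind
    # Portable stand-in for "pipefail": the marker records a slapcat failure.
    { nice "$SLAPCAT" -n "$1" || : > "$tmp.failed"; } |
        "$GPG" --batch --encrypt --recipient "$RECIPIENT" > "$tmp" || exit 1
    [ ! -e "$tmp.failed" ] || exit 1         # slapcat failed: keep old backup
    [ -s "$tmp" ] || exit 1                  # empty output is not a backup
    mv -f "$tmp" "$out"
)

# Dump all three databases; a non-zero return makes cron mail the failure.
backup_all() {
    rc=0
    dump_encrypted 0 config      || rc=1
    dump_encrypted 1 example.com || rc=1
    dump_encrypted 2 access      || rc=1
    return "$rc"
}

# Run only when installed under the script name used on this page, so the
# functions can also be sourced and tested on their own.
case "$0" in
    */ldapbackup) backup_all ;;
esac
```

To restore from these files, decrypt each one with gpg --decrypt and pipe the result into slapadd, which reads LDIF from standard input when -l is omitted.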


Then, it is just a matter of having a cron script to run this program as often as we feel comfortable with. For many, once a day suffices. For others, more often is required. Here is an example of a cron script called /etc/cron.d/ldapbackup that is run every night at 22:45h:


[email protected]

45 22 * * * root /usr/local/bin/ldapbackup


Now that the files are created, they should be copied to a backup server.


Assuming we did a fresh reinstall of ldap, the restore process could be something like this:





sudo systemctl stop slapd.service
sudo mkdir /var/lib/ldap/accesslog
# File names match those written by /usr/local/bin/ldapbackup
sudo slapadd -F /etc/ldap/slapd.d -n 0 -l /export/backup/config.ldif
sudo slapadd -F /etc/ldap/slapd.d -n 1 -l /export/backup/example.com.ldif
sudo slapadd -F /etc/ldap/slapd.d -n 2 -l /export/backup/access.ldif
# slapadd ran as root, so hand the files back to the openldap user
sudo chown -R openldap:openldap /etc/ldap/slapd.d/
sudo chown -R openldap:openldap /var/lib/ldap/
sudo systemctl start slapd.service

