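# -*- mode: sh; sh-basic-offset: 3; indent-tabs-mode: nil; -*-
#
# openldap backup handler script for backupninja
#
# Writes one LDIF dump per selected database into $backupdir, either by
# running $SLAPCAT against $conf or by running $LDAPSEARCH bound as $binddn
# with the password read from $passwordfile (-y).
#
# The script ends in a top-level `return`, so it is meant to be sourced.
# getconf, fatal, warning, info, debug, $test, $SLAPCAT, $LDAPSEARCH and $GZIP
# are not defined here -- presumably provided by the backupninja core.
#
# Config keys (getconf <name> [default]):
#   backupdir, conf, databases, compress, ldif, restart, method,
#   passwordfile, binddn, ldaphost, ssl, tls

getconf backupdir /var/backups/ldap
getconf conf /etc/ldap/slapd.conf
getconf databases all
getconf compress yes
getconf ldif yes
getconf restart no
getconf method ldapsearch
getconf passwordfile
getconf binddn
getconf ldaphost
getconf ssl yes
getconf tls no

# ssl selects the URL scheme passed to ldapsearch -H.
if [ "$ssl" = 'yes' ]; then
   URLBASE="ldaps"
else
   URLBASE="ldap"
fi

status="ok"

[ -f "$conf" ] || fatal "slapd config file ($conf) not found"
[ -d "$backupdir" ] || mkdir -p "$backupdir"
[ -d "$backupdir" ] || fatal "Backup directory '$backupdir' does not exist and could not be created"

# Collect "backend:suffix" pairs from slapd.conf, one array entry per suffix.
# NOTE(review): the awk program is kept verbatim. `db="ldbm"` is an assignment,
# not a comparison, so the backend filter appears to accept every database that
# has a suffix; and [:space:] outside a bracket expression is not the
# whitespace class. Tightening either would change which databases get dumped,
# so confirm the intended set before changing it.
dbsuffixes=($(@AWK@ 'BEGIN {OFS=":"} /[:space:]*^database[:space:]*\w*/ {db=$2}; /^[:space:]*suffix[:space:]*\w*/ {if (db=="bdb"||db=="hdb"||db="ldbm") print db,$2}' "$conf" | @SED@ -e 's/[" ]//g'))

## LDIF DUMP

if [ "$ldif" == "yes" ]; then
   dumpdir="$backupdir"
   [ -d "$dumpdir" ] || mkdir -p "$dumpdir"

   if [ "$databases" == 'all' ]; then
      # Turn "all" into the index list 0..(number of database lines - 1).
      dbcount=$(grep -c '^database' "$conf")
      dbcount=$((dbcount - 1))
      databases=$(seq 0 "$dbcount")
   fi

   # $databases is deliberately unquoted: it is a whitespace-separated list.
   for db in $databases; do
      case "$db" in
         *=*)
            # db already is a suffix (it contains "=").
            dbsuffix=$db
            ;;
         *)
            # db is a number, get the suffix.
            dbsuffix=${dbsuffixes[$db]/*:/}
            ;;
      esac
      # some databases don't have suffix (like monitor), skip these
      if [ -z "$dbsuffix" ]; then
         continue
      fi

      # The command is handed to `su root -c` as one string, so every value
      # taken from configuration is shell-escaped with %q. Without that, a
      # bind DN or suffix containing spaces or shell metacharacters would be
      # re-parsed by the shell that su starts.
      if [ "$method" == "slapcat" ]; then
         printf -v execstr '%s -f %q -b %q' "$SLAPCAT" "$conf" "$dbsuffix"
      else
         LDAPARGS=""
         if [ "$tls" == "yes" ]; then
            LDAPARGS="-ZZ"
         fi
         # $LDAPARGS is always passed. Previously it was dropped whenever
         # ldaphost was empty, so tls=yes silently ran without StartTLS.
         printf -v execstr '%s %s -H %q -x -L -b %q -D %q -y %q' \
            "$LDAPSEARCH" "$LDAPARGS" "$URLBASE://$ldaphost" \
            "$dbsuffix" "$binddn" "$passwordfile"
         [ -f "$passwordfile" ] || fatal "Password file $passwordfile not found. When method is set to ldapsearch, you must also specify a password file."
         debug "$execstr"
      fi

      # Skip the actual dump when $test is set.
      if [ -z "$test" ]; then
         if [ "$restart" == "yes" ]; then
            debug "Shutting down ldap server..."
            /etc/init.d/slapd stop
         fi

         ext=
         if [ "$compress" == "yes" ]; then
            ext=".gz"
         fi
         dumpfile="$dumpdir/$dbsuffix.ldif$ext"
         # A directory export can include credential attributes such as
         # userPassword, so a newly created dump is readable by its owner
         # only. The mode of an already existing file is left unchanged.
         ( umask 077; touch "$dumpfile" )
         if [ ! -f "$dumpfile" ]; then
            fatal "Couldn't create ldif dump file: $dumpfile"
         fi

         if [ "$compress" == "yes" ]; then
            printf -v execstr '%s | %s > %q' "$execstr" "$GZIP" "$dumpfile"
         else
            printf -v execstr '%s > %q' "$execstr" "$dumpfile"
         fi
         debug "$execstr"
         # NOTE(review): when compressing, $code is the status of the last
         # pipeline stage ($GZIP) unless the shell started by su has pipefail
         # set, so a failed export can still be logged as successful. Verify
         # that the dump is non-empty before relying on it.
         output=$(su root -c "$execstr" 2>&1)
         code=$?
         if [ "$code" == "0" ]; then
            # Quoted so the captured output is not word-split or glob-expanded.
            if [ -n "$output" ]; then
               debug "$output"
            fi
            info "Successfully finished ldif export of $dbsuffix"
         else
            if [ -n "$output" ]; then
               warning "$output"
            fi
            warning "Failed ldif export of $dbsuffix"
         fi

         if [ "$restart" == "yes" ]; then
            debug "Starting ldap server..."
            /etc/init.d/slapd start
         fi
      fi
   done
fi

return 0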