handlers/ldap.in

   1 # -*- mode: sh; sh-basic-offset: 3; indent-tabs-mode: nil; -*-
   2 # vim: set filetype=sh sw=3 sts=3 expandtab autoindent:
   3 #
   4 # openldap backup handler script for backupninja
   5 #
   6
   7 getconf backupdir /var/backups/ldap
   8 getconf conf /etc/ldap/slapd.conf
   9 getconf databases all
  10 getconf compress yes
  11 getconf ldif yes
  12 getconf restart no
  13 getconf method ldapsearch
  14 getconf passwordfile
  15 getconf binddn
  16 getconf ldaphost
  17 getconf ssl yes
  18 getconf tls no
  19
  20 if [ $ssl = 'yes' ]; then
  21    URLBASE="ldaps"
  22 else
  23    URLBASE="ldap"
  24 fi
  25
  26 status="ok"
  27
  28 [ -f $conf ] || fatal "slapd config file ($conf) not found"
  29 [ -d $backupdir ] || mkdir -p $backupdir
  30 [ -d $backupdir ] || fatal "Backup directory '$backupdir'"
  31
  32 dbsuffixes=(`@AWK@ 'BEGIN {OFS=":"} /[:space:]*^database[:space:]*\w*/ {db=$2}; /^[:space:]*suffix[:space:]*\w*/ {if (db=="bdb"||db=="hdb"||db="ldbm") print db,$2}' $conf|@SED@ -e 's/[" ]//g'`)
  33
  34 ## LDIF DUMP
  35
  36 if [ "$ldif" == "yes" ]; then
  37    dumpdir="$backupdir"
  38    [ -d $dumpdir ] || mkdir -p $dumpdir
  39
  40    if [ "$databases" == 'all' ]; then
  41       dbcount=`grep '^database' $conf | wc -l`
  42       let "dbcount = dbcount - 1"
  43       databases=`seq 0 $dbcount`;
  44    fi
  45
  46    for db in $databases; do
  47       if [ `expr index "$db" "="` == "0" ]; then
  48                         # db is a number, get the suffix.
  49          dbsuffix=${dbsuffixes[$db]/*:/}
  50       else
  51          dbsuffix=$db
  52       fi
  53                 # some databases don't have suffix (like monitor), skip these
  54       if [ "$dbsuffix" == "" ]; then
  55          continue;
  56       fi
  57
  58       if [ "$method" == "slapcat" ]; then
  59          execstr="$SLAPCAT -f $conf -b $dbsuffix"
  60       else
  61          LDAPARGS=""
  62          if [ "$tls" == "yes" ]; then
  63             LDAPARGS="-ZZ"
  64          fi
  65          if [ -n "$ldaphost" ]; then
  66             execstr="$LDAPSEARCH $LDAPARGS -H $URLBASE://$ldaphost -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile"
  67          else
  68             execstr="$LDAPSEARCH -H $URLBASE://$ldaphost -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile"
  69          fi
  70          [ -f "$passwordfile" ] || fatal "Password file $passwordfile not found. When method is set to ldapsearch, you must also specify a password file."
  71          debug "$execstr"
  72       fi
  73       if [ ! $test ]; then
  74          if [ "$restart" == "yes" ]; then
  75             debug "Shutting down ldap server..."
  76             /etc/init.d/slapd stop
  77          fi
  78
  79          ext=
  80          if [ "$compress" == "yes" ]; then
  81             ext=".gz"
  82          fi
  83          touch $dumpdir/$dbsuffix.ldif$ext
  84          if [ ! -f $dumpdir/$dbsuffix.ldif$ext ]; then
  85             fatal "Couldn't create ldif dump file: $dumpdir/$dbsuffix.ldif$ext"
  86          fi
  87
  88          if [ "$compress" == "yes" ]; then
  89             execstr="$execstr | $GZIP > $dumpdir/$dbsuffix.ldif.gz"
  90          else
  91             execstr="$execstr > $dumpdir/$dbsuffix.ldif"
  92          fi
  93          debug "$execstr"
  94          output=`su root -c "$execstr" 2>&1`
  95          code=$?
  96          if [ "$code" == "0" ]; then
  97             debug $output
  98             info "Successfully finished ldif export of $dbsuffix"
  99          else
 100             warning $output
 101             warning "Failed ldif export of $dbsuffix"
 102          fi
 103
 104          if [ "$restart" == "yes" ]; then
 105             debug "Starting ldap server..."
 106             /etc/init.d/slapd start
 107          fi
 108       fi
 109    done
 110 fi
 111
 112 return 0