ldap: Use quotes in more places.
[matthijs/upstream/backupninja.git] / handlers / ldap.in
1 # -*- mode: sh; sh-basic-offset: 3; indent-tabs-mode: nil; -*-
2 #
3 # openldap backup handler script for backupninja
4 #
5
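# Handler settings. getconf is defined outside this file; from its use here it
# presumably sets the named variable from the handler's configuration, with the
# second argument as the default -- confirm against backupninja itself.
# passwordfile, binddn, ldaphost and vsnames have no default.
getconf backupdir /var/backups/ldap
getconf conf /etc/ldap/slapd.conf
getconf databases all
getconf compress yes
getconf ldif yes
getconf restart no
getconf method ldapsearch
getconf passwordfile
getconf binddn
getconf ldaphost
getconf ssl yes
getconf tls no
getconf vsnames

# URL scheme for ldapsearch's -H option. Only ssl=yes selects ldaps://; every
# other value, including an empty one, falls back to ldap://.
# make_backup binds with -x (simple bind), so with ssl and tls both off the
# bind password and the exported directory data are not encrypted in transit.
if [ "$ssl" = 'yes' ]; then
   URLBASE="ldaps"
else
   URLBASE="ldap"
fi

### VServers
# If vservers are configured, check that the ones listed in $vsnames do exist.
# `local` is only valid inside a function, so this file is presumably sourced
# from within one (it also ends with `return 0`) -- confirm.
local usevserver=no
if [ "$vservers_are_available" = yes ]; then
   if [ "$vsnames" = all ]; then
      vsnames="$found_vservers"
   elif ! vservers_exist "$vsnames" ; then
      fatal "At least one of the vservers listed in vsnames ($vsnames) does not exist."
   fi
   info "Using vservers '$vsnames'"
   usevserver=yes
else
   [ -z "$vsnames" ] || warning 'vservers support disabled in backupninja.conf, vsnames configuration line will be ignored'
fi

# Warn when restart=yes is combined with the ldapsearch method.
if [ "$restart" = yes ] && [ "$method" = ldapsearch ]; then
   warning 'restart option should not be used with the ldapsearch method.'
fi

status="ok"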
46
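# Wrap $1 in single quotes so that a shell re-parsing the result sees exactly
# one literal word. An embedded single quote is emitted as '\''.
function _ldap_shquote() {
   local sq="'" esc="'\\''"
   printf "'%s'" "${1//$sq/$esc}"
}

# Dump the LDAP databases of the host, or of one vserver, as LDIF files.
#
# Arguments: $1 - vserver name, or "" to run on the host
# Globals read: backupdir conf databases compress ldif restart method
#               passwordfile binddn ldaphost tls URLBASE test
#               VROOTDIR VSERVER SLAPCAT LDAPSEARCH GZIP
# A failed export is reported with warning; a missing config file, password
# file or dump directory is reported with fatal.
function make_backup() {
   local vsname="$1"
   local vdir vexec dumpdir dumpfile dblist dbcount db dbsuffix
   local execstr ldapargs ext output code
   local -a dbsuffixes

   if [ -z "$vsname" ]; then
      info "Running on host"
      vdir=""
      vexec=""
   else
      info "Running on vserver $vsname"
      vdir="$VROOTDIR/$vsname"
      # vsname comes from $vsnames, which the top-level code either takes from
      # $found_vservers or checks with vservers_exist.
      vexec="$VSERVER $vsname exec"
   fi

   dumpdir="$(interpolate "$backupdir" "$vsname")"
   info "Backing up to dir '$dumpdir'"

   [ -f "$vdir$conf" ] || fatal "slapd config file ($conf) not found"
   # NOTE(review): the directory and the dump files are created with the
   # current umask. LDIF exports can contain credential attributes such as
   # userPassword, so confirm that only the backup user can read this path.
   [ -d "$dumpdir" ] || mkdir -p "$dumpdir"
   [ -d "$dumpdir" ] || fatal "Backup directory '$dumpdir' does not exist and could not be created"

   # One "backend:suffix" entry per database that has a suffix line, with
   # quotes and spaces stripped by sed.
   # NOTE(review): db="ldbm" in the awk program is an assignment, not a
   # comparison, so the backend filter always passes; switching it to == would
   # drop every backend other than bdb/hdb/ldbm. [:space:] is also written
   # outside a bracket expression. Left as is -- confirm the intent first.
   dbsuffixes=($(@AWK@ 'BEGIN {OFS=":"} /[:space:]*^database[:space:]*\w*/ {db=$2}; /^[:space:]*suffix[:space:]*\w*/ {if (db=="bdb"||db=="hdb"||db="ldbm") print db,$2}' "$vdir$conf" | @SED@ -e 's/[" ]//g'))

   ## LDIF DUMP

   if [ "$ldif" == "yes" ]; then
      # Work on a local copy: overwriting the global $databases with the
      # number list would make later vservers reuse the first one's count.
      dblist="$databases"
      if [ "$dblist" == 'all' ]; then
         dbcount=$(grep -c '^database' "$vdir$conf")
         dblist=$(seq 0 $((dbcount - 1)))
      fi

      # $dblist is a whitespace-separated list, so it is split on purpose.
      for db in $dblist; do
         case "$db" in
            *=*)
               # db is already a suffix.
               dbsuffix=$db
               ;;
            ''|*[!0-9]*)
               # bash evaluates array subscripts arithmetically, so only
               # plain digits are accepted as a database number.
               warning "Ignoring database '$db': neither a suffix nor a database number"
               continue
               ;;
            *)
               # db is a number, get the suffix.
               dbsuffix=${dbsuffixes[$db]/*:/}
               ;;
         esac
         # some databases don't have suffix (like monitor), skip these
         if [ "$dbsuffix" == "" ]; then
            continue
         fi
         # The suffix becomes part of the dump file name. For a vserver it is
         # read from the guest's slapd.conf, so it must not be able to point
         # outside $dumpdir.
         case "$dbsuffix" in
            */*)
               warning "Skipping database '$dbsuffix': suffix contains '/', which cannot be used in a dump file name"
               continue
               ;;
         esac

         # execstr is re-parsed by a shell (su root -c below), so every value
         # taken from configuration is passed through _ldap_shquote; the tool
         # variables ($SLAPCAT, $LDAPSEARCH, $GZIP) are left as they are.
         if [ "$method" == "slapcat" ]; then
            execstr="$SLAPCAT -f $(_ldap_shquote "$conf") -b $(_ldap_shquote "$dbsuffix")"
         else
            [ -f "$vdir$passwordfile" ] || fatal "Password file $vdir$passwordfile not found. When method is set to ldapsearch, you must also specify a password file."
            ldapargs=""
            if [ "$tls" == "yes" ]; then
               ldapargs=" -ZZ"
            fi
            # -ZZ is passed whether or not ldaphost is set; it used to be
            # dropped for an empty ldaphost, silently disabling StartTLS.
            # -x is a simple bind: with ssl and tls both off the password is
            # sent unencrypted. -y reads it from a file, so it appears neither
            # in the argument list nor in the debug log.
            execstr="$LDAPSEARCH$ldapargs -H $(_ldap_shquote "$URLBASE://$ldaphost") -x -L -b $(_ldap_shquote "$dbsuffix") -D $(_ldap_shquote "$binddn") -y $(_ldap_shquote "$passwordfile")"
            debug "$execstr"
         fi

         if [ -z "$test" ]; then
            ext=
            if [ "$compress" == "yes" ]; then
               ext=".gz"
            fi
            dumpfile="$dumpdir/$dbsuffix.ldif$ext"
            # Create the dump file before stopping slapd, so that a failure
            # here cannot leave the server down (assuming fatal aborts).
            touch "$dumpfile"
            if [ ! -f "$dumpfile" ]; then
               fatal "Couldn't create ldif dump file: $dumpfile"
            fi

            if [ "$restart" == "yes" ]; then
               debug "Shutting down ldap server..."
               $vexec /etc/init.d/slapd stop
            fi

            if [ "$compress" == "yes" ]; then
               execstr="$execstr | $GZIP > $(_ldap_shquote "$dumpfile")"
            else
               execstr="$execstr > $(_ldap_shquote "$dumpfile")"
            fi
            # Run inside the vserver if needed
            execstr="$vexec $execstr"
            debug "$execstr"
            # NOTE(review): with compress=yes the status below is that of the
            # last pipeline stage ($GZIP), so a failed export can still be
            # reported as successful -- check the dump before relying on it.
            output=$(su root -c "$execstr" 2>&1)
            code=$?
            if [ "$code" == "0" ]; then
               [ -z "$output" ] || debug "$output"
               info "Successfully finished ldif export of $dbsuffix"
            else
               [ -z "$output" ] || warning "$output"
               warning "Failed ldif export of $dbsuffix"
            fi

            if [ "$restart" == "yes" ]; then
               debug "Starting ldap server..."
               $vexec /etc/init.d/slapd start
            fi
         fi
      done
   fi
}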
145
# Run the backup once per configured vserver, or once on the host when
# vservers are not in use.
case "$usevserver" in
   yes)
      # $vsnames is a whitespace-separated list, so it is split on purpose.
      for vserver in $vsnames; do
         make_backup "$vserver"
      done
      ;;
   *)
      make_backup ""
      ;;
esac

return 0