handlers/ldap.in

   1 # -*- mode: sh; sh-basic-offset: 3; indent-tabs-mode: nil; -*-
   2 #
   3 # openldap backup handler script for backupninja
   4 #
   5
   6 getconf backupdir /var/backups/ldap
   7 getconf conf /etc/ldap/slapd.conf
   8 getconf databases all
   9 getconf compress yes
  10 getconf ldif yes
  11 getconf restart no
  12 getconf method ldapsearch
  13 getconf passwordfile
  14 getconf binddn
  15 getconf ldaphost
  16 getconf tls yes
  17
  18 if [ $tls = 'yes' ]; then
  19    URLBASE="ldaps"
  20 else
  21    URLBASE="ldap"
  22 fi
  23
  24 status="ok"
  25
  26 [ -f $conf ] || fatal "slapd config file ($conf) not found"
  27 [ -d $backupdir ] || mkdir -p $backupdir
  28 [ -d $backupdir ] || fatal "Backup directory '$backupdir'"
  29
  30 dbsuffixes=(`@AWK@ 'BEGIN {OFS=":"} /[:space:]*^database[:space:]*\w*/ {db=$2}; /^[:space:]*suffix[:space:]*\w*/ {if (db=="bdb"||db=="ldbm") print db,$2}' $conf|@SED@ -e 's/[" ]//g'`)
  31
  32 ## LDIF DUMP
  33
  34 if [ "$ldif" == "yes" ]; then
  35    dumpdir="$backupdir"
  36    [ -d $dumpdir ] || mkdir -p $dumpdir
  37
  38    if [ "$databases" == 'all' ]; then
  39       dbcount=`grep '^database' $conf | wc -l`
  40       let "dbcount = dbcount - 1"
  41       databases=`seq 0 $dbcount`;
  42    fi
  43
  44    for db in $databases; do
  45       if [ `expr index "$db" "="` == "0" ]; then
  46                         # db is a number, get the suffix.
  47          dbsuffix=${dbsuffixes[$db]/*:/}
  48       else
  49          dbsuffix=$db
  50       fi
  51                 # some databases don't have suffix (like monitor), skip these
  52       if [ "$dbsuffix" == "" ]; then
  53          continue;
  54       fi
  55
  56       if [ "$method" == "slapcat" ]; then
  57          execstr="$SLAPCAT -f $conf -b $dbsuffix"
  58       else
  59          if [ -n "$ldaphost" ]; then
  60             execstr="$LDAPSEARCH -H $URLBASE://$ldaphost -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile"
  61          else
  62             execstr="$LDAPSEARCH -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile"
  63          fi
  64          [ -f "$passwordfile" ] || fatal "Password file $passwordfile not found. When method is set to ldapsearch, you must also specify a password file."
  65          debug "$execstr"
  66       fi
  67       if [ ! $test ]; then
  68          if [ "$restart" == "yes" ]; then
  69             debug "Shutting down ldap server..."
  70             /etc/init.d/slapd stop
  71          fi
  72
  73          ext=
  74          if [ "$compress" == "yes" ]; then
  75             ext=".gz"
  76          fi
  77          touch $dumpdir/$dbsuffix.ldif$ext
  78          if [ ! -f $dumpdir/$dbsuffix.ldif$ext ]; then
  79             fatal "Couldn't create ldif dump file: $dumpdir/$dbsuffix.ldif$ext"
  80          fi
  81
  82          if [ "$compress" == "yes" ]; then
  83             execstr="$execstr | $GZIP > $dumpdir/$dbsuffix.ldif.gz"
  84          else
  85             execstr="$execstr > $dumpdir/$dbsuffix.ldif"
  86          fi
  87          debug "$execstr"
  88          output=`su root -c "$execstr" 2>&1`
  89          code=$?
  90          if [ "$code" == "0" ]; then
  91             debug $output
  92             info "Successfully finished ldif export of $dbsuffix"
  93          else
  94             warning $output
  95             warning "Failed ldif export of $dbsuffix"
  96          fi
  97
  98          if [ "$restart" == "yes" ]; then
  99             debug "Starting ldap server..."
 100             /etc/init.d/slapd start
 101          fi
 102       fi
 103    done
 104 fi
 105
 106 return 0