added ldaphost and tls variable as requested by stefani
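# -*- mode: sh; sh-basic-offset: 3; indent-tabs-mode: nil; -*-
#
# openldap backup handler script for backupninja
#
# This file calls getconf, fatal, debug, info and warning but does not define
# them; they have to be provided by whatever sources this handler.

# Job settings.
# NOTE(review): getconf presumably assigns the named variable from the job
# configuration and falls back to the second argument when the option is
# absent -- confirm against its definition.
getconf backupdir /var/backups/ldap
getconf conf /etc/ldap/slapd.conf
getconf databases all
getconf compress yes
getconf ldif yes
getconf restart no
getconf method ldapsearch
# No defaults: both are only consumed by the ldapsearch method, which binds
# as $binddn using the password stored in $passwordfile.
getconf passwordfile
getconf binddn
# Optional server to query; when empty, ldapsearch is run without -H.
getconf ldaphost
getconf tls yes

# URL scheme used together with $ldaphost.
# "yes" selects ldaps:// (TLS from connect, not StartTLS).  Any other value
# selects plain ldap://; the export uses a simple bind (-x with -y), so with a
# remote $ldaphost the bind password and the exported entries then cross the
# network unencrypted.  Keep tls = yes unless the link is otherwise protected.
if [ "$tls" = 'yes' ]; then
   URLBASE="ldaps"
else
   URLBASE="ldap"
fi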
23
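status="ok"

# The suffix lookup below parses slapd.conf, so a missing file is fatal.
[ -f "$conf" ] || fatal "slapd config file ($conf) not found"
# LDIF exports can include credential material (e.g. userPassword hashes), so
# a directory created here is owner-only.  An existing directory keeps its
# current mode.
[ -d "$backupdir" ] || mkdir -p -m 0700 "$backupdir"
# Still missing at this point means the mkdir above failed.
[ -d "$backupdir" ] || fatal "Backup directory '$backupdir'"

# One "backend:suffix" entry per bdb/ldbm database found in slapd.conf, with
# quotes and spaces stripped by sed.  Other backends are not recorded, so the
# array index is the position among bdb/ldbm databases only.
# The unquoted $( ) is deliberate: word splitting turns each line into one
# array element.
# NOTE(review): outside a bracket expression "[:space:]" is a plain character
# list, not the POSIX whitespace class ("[[:space:]]").  The patterns still
# match because slapd.conf directives start in column 0; the awk program is
# left unchanged here.
dbsuffixes=($(awk 'BEGIN {OFS=":"} /[:space:]*^database[:space:]*\w*/ {db=$2}; /^[:space:]*suffix[:space:]*\w*/ {if (db=="bdb"||db=="ldbm") print db,$2}' "$conf" | sed -e 's/[" ]//g'))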
31
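## LDIF DUMP
#
# Exports every selected database to $backupdir/<suffix>.ldif (or .ldif.gz),
# either offline with slapcat or over LDAP with ldapsearch.
# Reads:  ldif, databases, method, compress, restart, conf, backupdir,
#         binddn, passwordfile, ldaphost, URLBASE, dbsuffixes, test,
#         SLAPCAT, LDAPSEARCH, GZIP
# $SLAPCAT, $LDAPSEARCH and $GZIP are expanded unquoted on purpose, so they
# are word-split the same way the original command string was.

if [ "$ldif" == "yes" ]; then
   dumpdir="$backupdir"
   # Owner-only when it has to be created: the dumps can hold password hashes.
   [ -d "$dumpdir" ] || mkdir -p -m 0700 "$dumpdir"

   if [ "$databases" == 'all' ]; then
      # One index per "database" directive in slapd.conf: 0 .. count-1.
      dbcount=$(grep -c '^database' "$conf")
      dbcount=$(( dbcount - 1 ))
      databases=$(seq 0 "$dbcount")
   fi

   # $databases is a whitespace-separated list, so it is split on purpose.
   for db in $databases; do
      case "$db" in
         *=*)
            # Contains "=": the entry already is a suffix DN.
            dbsuffix=$db
            ;;
         *[!0-9]*)
            # Neither a DN nor a number.  Using it as an array subscript would
            # have it evaluated as an arithmetic expression, so skip it.
            warning "Ignoring database '$db': neither a suffix nor a database number"
            continue
            ;;
         *)
            # db is a number, get the suffix ("backend:" prefix removed).
            dbsuffix=${dbsuffixes[$db]/*:/}
            ;;
      esac
      # some databases don't have suffix (like monitor), skip these
      if [ "$dbsuffix" == "" ]; then
         continue
      fi

      # The command is kept as an array so that every argument stays one word.
      # A "|" stored inside a string is never interpreted as a pipe when the
      # string is expanded, so compression is applied at execution time below.
      if [ "$method" == "slapcat" ]; then
         dumpcmd=($SLAPCAT -f "$conf" -b "$dbsuffix")
      else
         hostargs=()
         if [ -n "$ldaphost" ]; then
            hostargs=(-H "$URLBASE://$ldaphost")
         fi
         # -x: simple bind.  -y: the bind password is read from the file, so
         # it appears neither in the process list nor in the debug line below.
         # With URLBASE=ldap and a remote host the bind is sent in clear text.
         dumpcmd=($LDAPSEARCH "${hostargs[@]}" -x -L -b "$dbsuffix" -D "$binddn" -y "$passwordfile")
         [ -f "$passwordfile" ] || fatal "Password file $passwordfile not found. When method is set to ldapsearch, you must also specify a password file."
      fi
      # Printable form of the command, for logging only.
      execstr="${dumpcmd[*]}"
      if [ "$compress" == "yes" ]; then
         execstr="$execstr | $GZIP"
      fi
      debug "$execstr"

      # Any non-empty $test means dry run: nothing below is executed.
      if [ ! "$test" ]; then
         dumpfile="$dumpdir/$dbsuffix.ldif"
         if [ "$compress" == "yes" ]; then
            dumpfile="$dumpfile.gz"
         fi

         # Create the real target, owner-only, before slapd is touched, so a
         # failure here cannot leave the server stopped (assuming fatal aborts
         # the handler).  An existing file keeps its mode.
         ( umask 077; touch "$dumpfile" )
         if [ ! -f "$dumpfile" ]; then
            fatal "Couldn't create ldif dump file: $dumpfile"
         fi

         if [ "$restart" == "yes" ]; then
            debug "Shutting down ldap server..."
            /etc/init.d/slapd stop
         fi

         # stdout goes to the dump file; stderr is what ends up in $output.
         # pipefail makes a failing export visible even when gzip succeeds.
         if [ "$compress" == "yes" ]; then
            output=$( set -o pipefail; { "${dumpcmd[@]}" | $GZIP > "$dumpfile"; } 2>&1 )
         else
            output=$( "${dumpcmd[@]}" 2>&1 > "$dumpfile" )
         fi
         code=$?
         if [ "$code" == "0" ]; then
            [ -z "$output" ] || debug "$output"
            info "Successfully finished ldif export of $dbsuffix"
         else
            # NOTE(review): the partial or empty dump file is left in place;
            # it should not be treated as a valid backup.
            warning "$output"
            warning "Failed ldif export of $dbsuffix"
         fi

         if [ "$restart" == "yes" ]; then
            debug "Starting ldap server..."
            /etc/init.d/slapd start
         fi
      fi
   done
fi

return 0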