{"id":49,"date":"2022-06-30T15:03:50","date_gmt":"2022-06-30T13:03:50","guid":{"rendered":"https:\/\/untanux.lt\/?p=49"},"modified":"2022-06-30T15:03:50","modified_gmt":"2022-06-30T13:03:50","slug":"backup-restore-openldap","status":"publish","type":"post","link":"https:\/\/untanux.lt\/?p=49","title":{"rendered":"Backup-Restore OpenLDAP"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Backup-Restore OpenLDAP<\/h2>\n\n\n\n<p>If we have OpenLDAP running just the way we want, it is time to ensure we can save all of our work and restore it as needed.<\/p>\n\n\n\n<p>What we need is a way to back up the directory database(s), specifically the configuration backend (<em>cn=config<\/em>) and the DIT (<em>dc=example,dc=com<\/em>). If we are going to back up those databases into, say, <code>\/export\/backup<\/code>, we could use <em>slapcat<\/em> as shown in the following script, called <code>\/usr\/local\/bin\/ldapbackup<\/code>:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><strong>#!\/bin\/bash\n\nset -e\n# Create the dumps with owner-only permissions from the start; otherwise they\n# get the default umask's permissions until the chmod below runs, and keep\n# them if an earlier step fails and set -e aborts the script.\numask 077\n\nBACKUP_PATH=\/export\/backup\nSLAPCAT=\/usr\/sbin\/slapcat\n\n# Dump the configuration backend and the DIT as LDIF\nnice ${SLAPCAT} -b cn=config > ${BACKUP_PATH}\/config.ldif\nnice ${SLAPCAT} -b dc=example,dc=com > ${BACKUP_PATH}\/example.com.ldif\nchown root:root ${BACKUP_PATH}\/*\nchmod 600 ${BACKUP_PATH}\/*.ldif<\/strong>\n<\/code><\/pre>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p><strong>Note<\/strong><\/p><p>These files are uncompressed text files containing everything in your directory including the tree layout, usernames, and every password. So, you might want to consider making <code>\/export\/backup<\/code> an encrypted partition and even having the script encrypt those files as it creates them. Ideally you should do both, but that depends on your security requirements.<\/p><\/blockquote>\n\n\n\n<p>Then, it is just a matter of having a cron script to run this program as often as you feel comfortable with. For many, once a day suffices. 
For others, more often is required. Here is an example of a cron script called <code>\/etc\/cron.d\/ldapbackup<\/code> that is run every night at 22:45:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><strong>MAILTO=backup-emails@domain.com\n45 22 * * *  root    \/usr\/local\/bin\/ldapbackup<\/strong>\n<\/code><\/pre>\n\n\n\n<p>Now that the files are created, they should be copied to a backup server.<\/p>\n\n\n\n<p>Assuming we did a fresh reinstall of LDAP, the restore process could be something like this:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><strong>#!\/bin\/bash\n\nset -e\n\nBACKUP_PATH=\/export\/backup\nSLAPADD=\/usr\/sbin\/slapadd\n\n# Refuse to restore over an existing database or configuration\nif &#91; -n \"$(ls -l \/var\/lib\/ldap\/* 2>\/dev\/null)\" -o -n \"$(ls -l \/etc\/ldap\/slapd.d\/* 2>\/dev\/null)\" ]; then\n    echo Run the following to remove the existing db:\n    echo sudo systemctl stop slapd.service\n    echo sudo rm -rf \/etc\/ldap\/slapd.d\/* \/var\/lib\/ldap\/*\n    exit 1\nfi\nsudo systemctl stop slapd.service || :\n# Load the configuration backend first, then the DIT\nsudo ${SLAPADD} -F \/etc\/ldap\/slapd.d -b cn=config -l ${BACKUP_PATH}\/config.ldif\nsudo ${SLAPADD} -F \/etc\/ldap\/slapd.d -b dc=example,dc=com -l ${BACKUP_PATH}\/example.com.ldif\n# Hand the restored files to the openldap user before starting slapd\nsudo chown -R openldap:openldap \/etc\/ldap\/slapd.d\/\nsudo chown -R openldap:openldap \/var\/lib\/ldap\/\nsudo systemctl start slapd.service<\/strong>\n<\/code><\/pre>\n\n\n\n<p>Original text found here: https:\/\/ubuntu.com\/server\/docs\/service-ldap-backup-restore<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Backup-Restore OpenLDAP If we have OpenLDAP running just the way we want, it is time to ensure we can save all of our work and restore it as needed. What we need is a way to backup the directory database(s), specifically the configuration backend (cn=config) and the DIT (dc=example,dc=com). 
If we are going to backup [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-49","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/untanux.lt\/index.php?rest_route=\/wp\/v2\/posts\/49","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/untanux.lt\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/untanux.lt\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/untanux.lt\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/untanux.lt\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=49"}],"version-history":[{"count":0,"href":"https:\/\/untanux.lt\/index.php?rest_route=\/wp\/v2\/posts\/49\/revisions"}],"wp:attachment":[{"href":"https:\/\/untanux.lt\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=49"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/untanux.lt\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=49"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/untanux.lt\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=49"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}