Ubuntu Server Guide Changes, errors and bugs
Download 1.27 Mb. Pdf ko'rish
|
ubuntu-server-guide
|
Backup and Restore
Now we have ldap running just the way we want, it is time to ensure we can save all of our work and restore it as needed. What we need is a way to backup the directory database(s), specifically the configuration backend (cn=config) and the DIT (dc=example,dc=com). If we are going to backup those databases into, say, /export/backup, we could use slapcat as shown in the following script, called /usr/local/bin/ldapbackup: 193 #!/ b i n / bash s e t −e BACKUP_PATH=/e x p o r t / backup SLAPCAT=/u s r / s b i n / s l a p c a t n i c e ${SLAPCAT} −b cn=c o n f i g > $ {BACKUP_PATH}/ c o n f i g . l d i f n i c e $ {SLAPCAT} −b dc=example , dc=com > $ {BACKUP_PATH}/ example . com . l d i f chown r o o t : r o o t $ {BACKUP_PATH}/* chmod 600 ${BACKUP_PATH} / * . l d i f Note These files are uncompressed text files containing everything in your directory including the tree layout, usernames, and every password. So, you might want to consider making /export/backup an encrypted partition and even having the script encrypt those files as it creates them. Ideally you should do both, but that depends on your security requirements. Then, it is just a matter of having a cron script to run this program as often as you feel comfortable with. For many, once a day suffices. For others, more often is required. Here is an example of a cron script called /etc/cron.d/ldapbackup that is run every night at 22:45h: MAILTO=backup−emails@domain . com 45 22 * * * r o o t / u s r / l o c a l / b i n / ldapbackup Now the files are created, they should be copied to a backup server. Assuming we did a fresh reinstall of ldap, the restore process could be something like this: #!/ b i n / bash s e t −e BACKUP_PATH=/e x p o r t / backup SLAPADD=/u s r / s b i n / s l a p a d d i f [ −n ” $ ( l s − l / var / l i b / l d a p /* 2>/dev / n u l l ) ” −o −n ” $ ( l s − l / e t c / l d a p / s l a p d . d/* 2>/dev / n u l l ) ” ] ; then echo Run t h e f o l l o w i n g t o remove t h e e x i s t i n g db : echo sudo s y s t e m c t l s t o p s l a p d . s e r v i c e echo sudo rm − r f / e t c / l d a p / s l a p d . d/* / var / l i b / l d a p /* e x i t 1 f i sudo s y s t e m c t l s t o p s l a p d . s e r v i c e | | : sudo s l a p a d d −F / e t c / l d a p / s l a p d . d −b cn=c o n f i g − l / e x p o r t / backup / c o n f i g . l d i f sudo s l a p a d d −F / e t c / l d a p / s l a p d . d −b dc=example , dc=com − l / e x p o r t / backup / example . com . l d i f sudo chown −R openldap : openldap / e t c / l d a p / s l a p d . d/ sudo chown −R openldap : openldap / var / l i b / l d a p / sudo s y s t e m c t l s t a r t s l a p d . s e r v i c e This is a simplistic backup strategy, of course. It’s being shown here as a reference for the basic tooling you can use for backups and restores. 194 |
