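I. Series
https://www.cnblogs.com/eagle6688/tag/LDAP/
II. Backup
1. Backing up the configuration
slapcat -n 0 -l config.ldif
Option "-n 0": tells slapcat to dump database number 0, which is the database that stores the configuration; n stands for number.
Option "-l config.ldif": tells slapcat to write the dump to the file "config.ldif".
2. Backing up the data
slapcat -n 2 -l data.ldif
Option -n again gives the database number; this number is assigned at installation time.
Option "-l data.ldif": tells slapcat to write the dump to the file "data.ldif".
3. Using a script and Crontab to back up automatically on a schedule and upload to another server
For an introduction to Crontab, see https://www.cnblogs.com/eagle6688/p/17019244.html
(1) Backup script
vi /home/{User}/scripts/openldap_backup.sh
Initial script: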
#!/bin/sh
#######################################################################
#
# Backup the OpenLDAP data and configuration as compressed LDIF files.
# Also backup the entire OpenLDAP directory and daemon configuration.
#
#######################################################################

# The dumps hold password hashes and the tar archive holds the TLS private
# key, so every file this script creates is readable by root only.
umask 077

DATE=$(date +%Y%m%d)
BACKUP_DIR="/root/backup/slapd"
BACKUP_FILE_FORMAT="slapd.*"
BACKUP_CONFIG_FILENAME="slapd.config.${DATE}.ldif"
BACKUP_CONFIG_FILE="${BACKUP_DIR}/${BACKUP_CONFIG_FILENAME}"
BACKUP_DATA_FILENAME="slapd.data.${DATE}.ldif"
BACKUP_DATA_FILE="${BACKUP_DIR}/${BACKUP_DATA_FILENAME}"
BACKUP_TAR_FILENAME="slapd.${DATE}.tar.gz"
BACKUP_TAR_FILE="${BACKUP_DIR}/${BACKUP_TAR_FILENAME}"
TLS_CERT_CA="/etc/openldap/cacerts/ca.cert.pem"
TLS_CERT_DIR="/etc/openldap/certs"
TLS_CERT_SLAPD="${TLS_CERT_DIR}/openldap.cert"
TLS_KEY_SLAPD="${TLS_CERT_DIR}/openldap.key"
DIT_CONFIG="cn=config"
DIT_DOMAIN="dc=example,dc=com"
SLAPD_DIR="/etc/openldap"
SLAPD_CONFIG_DIR="${SLAPD_DIR}/slapd.d"
LOGFILE="/var/log/backup/slapd.log"
KEEP="30"

# Make sure we have a log file (and the directory that holds it).
if [ ! -f "${LOGFILE}" ]; then
    mkdir -p "$(dirname "${LOGFILE}")" && touch "${LOGFILE}"
    if [ "$?" -ne "0" ]; then
        echo "ERROR: could not create the log file."
        exit 1
    fi
fi

# Check if root is running this script.
if [ "$(id -u)" -ne "0" ]; then
    echo "ERROR: only root can run this script." | tee -a "${LOGFILE}"
    exit 1
fi

# Make sure we have a backup directory.
if [ ! -d "${BACKUP_DIR}" ]; then
    mkdir -p "${BACKUP_DIR}"
    if [ "$?" -ne "0" ]; then
        echo "ERROR: could not create the backup directory." | tee -a "${LOGFILE}"
        exit 1
    fi
fi

# Make sure we don't have too many backup files piling up in our backup directory.
FILES=$(find "${BACKUP_DIR}" -type f -name "${BACKUP_FILE_FORMAT}" -print | wc -l)
if [ "${FILES}" -gt "${KEEP}" ]; then
    OVER=$((FILES - KEEP))
    # List newest first by modification time, so tail selects the oldest files.
    RMFILES=$(find "${BACKUP_DIR}" -type f -name "${BACKUP_FILE_FORMAT}" -exec ls -1t {} + | tail -n "${OVER}")
    echo "NOTE: removing ${RMFILES} from the backup directory." >> "${LOGFILE}"
    rm -f ${RMFILES}
fi

# Backup configuration as an LDIF file.
slapcat -F "${SLAPD_CONFIG_DIR}" -b "${DIT_CONFIG}" -l "${BACKUP_CONFIG_FILE}" >/dev/null 2>&1
if [ "$?" -eq "0" ]; then
    gzip -f "${BACKUP_CONFIG_FILE}" >> "${LOGFILE}" 2>&1
    if [ "$?" -ne "0" ]; then
        echo "ERROR: dump file compression problem." | tee -a "${LOGFILE}"
        exit 1
    fi
else
    echo "ERROR: problem running slapcat(8C) for the DIT config backup." | tee -a "${LOGFILE}"
    rm -f "${BACKUP_CONFIG_FILE}"
    exit 1
fi

# Backup data.
slapcat -F "${SLAPD_CONFIG_DIR}" -b "${DIT_DOMAIN}" -l "${BACKUP_DATA_FILE}" >/dev/null 2>&1
if [ "$?" -eq "0" ]; then
    gzip -f "${BACKUP_DATA_FILE}" >> "${LOGFILE}" 2>&1
    if [ "$?" -ne "0" ]; then
        echo "ERROR: dump file compression problem." | tee -a "${LOGFILE}"
        exit 1
    fi
else
    echo "ERROR: problem running slapcat(8C) for the DIT data backup." | tee -a "${LOGFILE}"
    rm -f "${BACKUP_DATA_FILE}"
    exit 1
fi

# Backup the entire configuration directory.
# gzip has replaced the LDIF files with .gz files, so archive those names.
BACKUP_FILES_LIST="${SLAPD_DIR} ${BACKUP_CONFIG_FILE}.gz ${BACKUP_DATA_FILE}.gz"
tar zcf "${BACKUP_TAR_FILE}" ${BACKUP_FILES_LIST} >/dev/null 2>&1
if [ "$?" -ne "0" ]; then
    echo "ERROR: problem running config directory tar." | tee -a "${LOGFILE}"
    rm -f "${BACKUP_TAR_FILE}"
    exit 1
fi

# EOF
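A check worth running on each compressed dump before relying on it for a restore, as an added example that is not part of the original post: it rejects a file that is missing, accessible to group or others, not valid gzip, or lacking the entry for the expected suffix. The helper names `verify_ldif_backup` and `make_sample_backup`, the return codes and the sample file are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example, not part of the original post.

# verify_ldif_backup FILE SUFFIX   (hypothetical helper)
# Prints the number of entries and returns 0 when FILE is a usable dump of
# SUFFIX. Returns 1 = missing, 2 = accessible by group/others,
# 3 = corrupt gzip, 4 = suffix entry absent (empty dump or wrong database).
verify_ldif_backup() {
    file=$1
    suffix=$2
    [ -f "$file" ] || return 1
    # A data dump carries userPassword hashes: owner-only access.
    perms=$(ls -ld "$file" | cut -c5-10)
    [ "$perms" = "------" ] || return 2
    gzip -t "$file" 2>/dev/null || return 3
    # Assumes the suffix DN is ASCII and short enough not to be folded.
    gzip -dc "$file" | grep -qixF "dn: $suffix" || return 4
    gzip -dc "$file" | grep -c '^dn:'
}

# Constructed sample: a two-entry dump of dc=example,dc=com, mode 0600.
make_sample_backup() {
    dir=$(mktemp -d) || return 1
    (
        umask 077
        printf '%s\n' \
            'dn: dc=example,dc=com' 'objectClass: domain' 'dc: example' '' \
            'dn: uid=alice,dc=example,dc=com' 'objectClass: account' \
            'uid: alice' 'userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=' '' |
            gzip > "$dir/slapd.data.20240101.ldif.gz"
    )
    echo "$dir/slapd.data.20240101.ldif.gz"
}

sample=$(make_sample_backup)
echo "entries: $(verify_ldif_backup "$sample" 'dc=example,dc=com')"
chmod 644 "$sample"
verify_ldif_backup "$sample" 'dc=example,dc=com' || echo "rejected: code $?"
rm -rf "$(dirname "$sample")"
```

For the configuration dump, pass `cn=config` as the suffix.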
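III. Restore
1. Preparation
(1) Before restoring any data, first stop the slapd service
sudo systemctl stop slapd
2. Restoring the configuration
(1) Check the permissions on the configuration directory
ls -ld /etc/openldap/slapd.d
(2) Back up the configuration directory
sudo mv /etc/openldap/slapd.d /etc/openldap/slapd.d.`date '+%Y-%m-%d'`
(3) Create a new configuration directory and set its ownership
sudo mkdir /etc/openldap/slapd.d
sudo chown -R ldap:ldap /etc/openldap/slapd.d
(4) Restore
sudo slapadd -n 0 -F /etc/openldap/slapd.d -l /backups/config.ldif
Option "-n 0": same meaning as in the backup command.
Option "-F /etc/openldap/slapd.d": specifies the directory that holds the configuration.
3. Restoring the data
(1) Check the permissions on the data directory
ls -ld /var/lib/ldap
(2) Back up the data directory
sudo mv /var/lib/ldap /var/lib/ldap`date '+%Y-%m-%d'`
(3) Create a new data directory and set its ownership
sudo mkdir /var/lib/ldap
sudo chown -R ldap:ldap /var/lib/ldap
(4) Restore
sudo slapadd -n 2 -F /etc/openldap/slapd.d -l /backups/data.ldif
Note that slapadd run through sudo creates its files as root, so confirm that everything under /etc/openldap/slapd.d and /var/lib/ldap is owned by ldap:ldap before starting slapd again.
IV. References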
https://www.openldap.org/doc/admin24/maintenance.html
https://tylersguides.com/articles/backup-restore-openldap/
http://itdavid.blogspot.com/2012/05/howto-openldap-24-backup-recovery-on.html
http://genetics.wustl.edu/technology/backing-up-and-restoring-openldap/
https://man7.org/linux/man-pages/man8/slapcat.8.html
From: https://www.cnblogs.com/eagle6688/p/16996460.html