一、系列
https://www.cnblogs.com/eagle6688/tag/LDAP/
二、备份
1. 配置文件备份
slapcat -n 0 -l config.ldif
参数"-n 0":指示slapcat命令备份编号为0的数据库,也就是存储配置文件的数据库,n是number的意思;
参数"-l config.ldif":指示slapcat命令将数据备份至"config.ldif"文件中。
2. 数据备份
slapcat -n 2 -l data.ldif
参数-n同样是指示数据库的编号,这个编号在安装的时候进行指定;
参数"-l data.ldif":指示slapcat命令将数据备份至"data.ldif"文件中。
3. 通过脚本和Crontab来实现定期自动更新并上传至其他服务器
有关Crontab的介绍请移步至https://www.cnblogs.com/eagle6688/p/17019244.html
(1) 备份脚本
vi /home/{User}/scripts/openldap_backup.sh
初始化脚本:
#!/bin/sh
#######################################################################
#
# Backup the OpenLDAP data and configuration as compressed LDIF files.
# Also backup the entire OpenLDAP directory and daemon configuration.
#
#######################################################################
umask 022
DATE=`date +%Y%m%d`
BACKUP_DIR="/root/backup/slapd"
BACKUP_FILE_FORMAT="slapd.*"
BACKUP_CONFIG_FILENAME="slapd.config.${DATE}.ldif"
BACKUP_CONFIG_FILE="${BACKUP_DIR}/${BACKUP_CONFIG_FILENAME}"
BACKUP_DATA_FILENAME="slapd.data.${DATE}.ldif"
BACKUP_DATA_FILE="${BACKUP_DIR}/${BACKUP_DATA_FILENAME}"
BACKUP_TAR_FILENAME="slapd.${DATE}.tar.gz"
BACKUP_TAR_FILE="${BACKUP_DIR}/${BACKUP_TAR_FILENAME}"
TLS_CERT_CA="/etc/openldap/cacerts/ca.cert.pem"
TLS_CERT_DIR="/etc/openldap/certs"
TLS_CERT_SLAPD="${TLS_CERT_DIR}/openldap.cert"
TLS_KEY_SLAPD="${TLS_CERT_DIR}/openldap.key"
DIT_CONFIG="cn=config"
DIT_DOMAIN="dc=example,dc=com"
SLAPD_DIR="/etc/openldap"
SLAPD_CONFIG_DIR="${SLAPD_DIR}/slapd.d"
LOGFILE="/var/log/backup/slapd.log"
KEEP="30"
# Make sure we have a log file.
if [ ! -f ${LOGFILE} ]; then
touch ${LOGFILE}
if [ "$?" -ne "0" ]; then
echo "ERROR: could not create the log file."
exit 1
fi
fi
# Check if root is running this script.
if [ `id -u` -ne "0" ]; then
echo "ERROR: only root can run this script." | tee -a ${LOGFILE}
exit 1
fi
# Make sure we have a backup directory.
if [ ! -d ${BACKUP_DIR} ]; then
mkdir -p ${BACKUP_DIR}
if [ "$?" -ne "0" ]; then
echo "ERROR: could not create the backup directory." | tee -a ${LOGFILE}
exit 1
fi
fi
# Make sure we don't have too much backup files piling up in our backup directory.
FILES=`find ${BACKUP_DIR} -type f -name "${BACKUP_FILE_FORMAT}" -print | wc -l`
if [ "${FILES}" -gt "${KEEP}" ]; then
OVER=`echo ${FILES}-${KEEP} | bc`
RMFILES=`find ${BACKUP_DIR} -type f -name "${BACKUP_FILE_FORMAT}" -print | sort -r | tail -${OVER}`
echo "NOTE: removing ${RMFILES} from the backup directory." >> ${LOGFILE}
rm ${RMFILES}
fi
# Backup configuration as an LDIF file.
slapcat -F ${SLAPD_CONFIG_DIR} -b ${DIT_CONFIG} -l ${BACKUP_CONFIG_FILE} >/dev/null 2>&1
if [ "$?" -eq "0" ]; then
gzip -f ${BACKUP_CONFIG_FILE} 2>&1 >> ${LOGFILE}
if [ "$?" -ne "0" ] ; then
echo "ERROR: dump file compression problem." | tee -a ${LOGFILE}
exit 1
fi
else
echo "ERROR: problem running slapcat(8C) for the DIT config backup." | tee -a ${LOGFILE}
rm ${BACKUP_CONFIG_FILE}
exit 1
fi
# Backup data.
slapcat -F ${SLAPD_CONFIG_DIR} -b ${DIT_DOMAIN} -l ${BACKUP_DATA_FILE} >/dev/null 2>&1
if [ "$?" -eq "0" ]; then
gzip -f ${BACKUP_DATA_FILE} 2>&1 >> ${LOGFILE}
if [ "$?" -ne "0" ] ; then
echo "ERROR: dump file compression problem." | tee -a ${LOGFILE}
exit 1
fi
else
echo "ERROR: problem running slapcat(8C) for the DIT data backup." | tee -a ${LOGFILE}
rm ${BACKUP_DATA_FILE}
exit 1
fi
# Backup the entire configuration directory.
BACKUP_FILES_LIST="${SLAPD_DIR} ${BACKUP_CONFIG_FILE} ${BACKUP_DATA_FILE}"
tar zcf ${BACKUP_TAR_FILE} ${BACKUP_FILES_LIST} >/dev/null 2>&1
if [ "$?" -ne "0" ]; then
echo "ERROR: problem running config directory tar." | tee -a ${LOGFILE}
rm ${BACKUP_TAR_FILE}
exit 1
fi
# EOF
三、恢复
1. 准备
(1) 恢复数据之前首先需要暂停slapd服务
sudo systemctl stop slapd
2. 恢复配置文件
(1) 查看配置文件目录权限设置
ls -ld /etc/openldap/slapd.d
(2) 备份配置文件目录
sudo mv /etc/openldap/slapd.d /etc/openldap/slapd.d.`date '+%Y-%m-%d'`
(3) 创建新的配置文件目录并赋权
sudo mkdir /etc/openldap/slapd.d
chown -R ldap:ldap /etc/openldap/slapd.d
(4) 恢复
sudo slapadd -n 0 -F /etc/openldap/slapd.d -l /backups/config.ldif
参数"-n 0":与备份命令的含义一致;
参数“-F /etc/openldap/slapd.d”:指明了配置文件所在的目录。
3. 恢复数据文件
(1) 查看数据文件目录权限设置
ls -ld /var/lib/ldap
(2) 备份数据文件目录
sudo mv /var/lib/ldap /var/lib/ldap`date '+%Y-%m-%d'`
(3) 创建新的数据文件目录并赋权
sudo mkdir /var/lib/ldap sudo chown -R ldap:ldap /var/lib/ldap
(4) 恢复
sudo slapadd -n 2 -F /etc/openldap/slapd.d -l /backups/data.ldif
四、参考
https://www.openldap.org/doc/admin24/maintenance.html
https://tylersguides.com/articles/backup-restore-openldap/
http://itdavid.blogspot.com/2012/05/howto-openldap-24-backup-recovery-on.html
http://genetics.wustl.edu/technology/backing-up-and-restoring-openldap/
https://man7.org/linux/man-pages/man8/slapcat.8.html
标签:Backup,openldap,---,OpenLDAP,FILE,LOGFILE,BACKUP,DIR,slapd From: https://www.cnblogs.com/eagle6688/p/16996460.html