diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2020-05-26 21:09:33 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2020-05-26 21:26:45 +0200 |
commit | e54d34a84d2ee4526c301fee4e905891cb2d819a (patch) | |
tree | 58c31c9b25c67b5a652064ebcbf219f2776820bf | |
parent | a37de918998af826ae38a1575bacef87c0bf902d (diff) |
slapcat-all.sh: Use ldapsearch(1) to generate the LDIF.
Unlike slapcat(1) it doesn't require write access to ~openldap, so we
don't have to weaken bacula-fd.service.
-rw-r--r-- | roles/bacula-dir/templates/etc/bacula/bacula-dir.conf.j2 | 2 | ||||
-rwxr-xr-x | roles/common-LDAP/files/usr/local/sbin/slapcat-all.sh | 33 |
2 files changed, 23 insertions, 12 deletions
diff --git a/roles/bacula-dir/templates/etc/bacula/bacula-dir.conf.j2 b/roles/bacula-dir/templates/etc/bacula/bacula-dir.conf.j2 index 0ab213b..3e37614 100644 --- a/roles/bacula-dir/templates/etc/bacula/bacula-dir.conf.j2 +++ b/roles/bacula-dir/templates/etc/bacula/bacula-dir.conf.j2 @@ -79,7 +79,7 @@ JobDefs { Runs On Success = yes Runs On Failure = yes Runs When = after - Command = "/usr/bin/find /var/lib/bacula/tmp -type f -name '*.ldif' -delete" + Command = "/usr/bin/find /var/lib/bacula/tmp -type f \( -name '*.ldif' -o -name 'slapd-*' \) -delete" } Pool = database Priority = 20 diff --git a/roles/common-LDAP/files/usr/local/sbin/slapcat-all.sh b/roles/common-LDAP/files/usr/local/sbin/slapcat-all.sh index cd5abd9..db128c9 100755 --- a/roles/common-LDAP/files/usr/local/sbin/slapcat-all.sh +++ b/roles/common-LDAP/files/usr/local/sbin/slapcat-all.sh @@ -1,20 +1,31 @@ #!/bin/sh # Usage: slapcat-all.sh DIR -# Save all LDAP databases in DIR: DIR/0.ldif, DIR/1.ldif, ... +# Save all LDAP databases in DIR: DIR/SUFFIX0.ldif, DIR/SUFFIX1.ldif, ... set -ue -PATH=/usr/sbin:/sbin:/usr/bin:/bin +PATH="/usr/bin:/bin" +export PATH -target="$1" +TARGET="$1" umask 0077 -prefix=slapcat- -slapcat -n0 -l"$target/${prefix}0.ldif" -n=$(grep -Ec '^dn:\s+olcDatabase={[1-9][0-9]*}' "$target/${prefix}0.ldif") +ldapsearch() { + command ldapsearch -H "ldapi://" -QY EXTERNAL "$@" +} -while [ $n -gt 0 ]; do - # the Monitor backend can't be slapcat(8)'ed - grep -qE "^dn:\s+olcDatabase=\{$n\}monitor,cn=config$" "$target/${prefix}0.ldif" || slapcat -n$n -l"$target/${prefix}$n.ldif" - n=$(( $n - 1 )) -done +backup_database() { + local base="$1" + ldapsearch -b "$base" \+ \* >"$TARGET/$base.ldif" +} + +backup_database "cn=config" + +SUFFIXES="$TARGET/slapd-suffixes" +ldapsearch -LLL -oldif-wrap="no" -b "cn=config" "(&(objectClass=olcDatabaseConfig)(objectClass=olcMdbConfig))" "olcSuffix" >"$SUFFIXES" +sed -n -i "s/^olcSuffix:\\s*//p" "$SUFFIXES" + +while IFS= read -r b; do + [ "${b%,dc=fripost-test,dc=org}" = "$b" ] || continue + backup_database "$b" +done <"$SUFFIXES" |