authorGuilhem Moulin <guilhem@fripost.org>2020-05-26 21:09:33 +0200
committerGuilhem Moulin <guilhem@fripost.org>2020-05-26 21:26:45 +0200
commite54d34a84d2ee4526c301fee4e905891cb2d819a (patch)
tree58c31c9b25c67b5a652064ebcbf219f2776820bf
parenta37de918998af826ae38a1575bacef87c0bf902d (diff)
slapcat-all.sh: Use ldapsearch(1) to generate the LDIF.
Unlike slapcat(1) it doesn't require write access to ~openldap, so we don't have to weaken bacula-fd.service.
-rw-r--r--roles/bacula-dir/templates/etc/bacula/bacula-dir.conf.j22
-rwxr-xr-xroles/common-LDAP/files/usr/local/sbin/slapcat-all.sh33
2 files changed, 23 insertions, 12 deletions
diff --git a/roles/bacula-dir/templates/etc/bacula/bacula-dir.conf.j2 b/roles/bacula-dir/templates/etc/bacula/bacula-dir.conf.j2
index 0ab213b..3e37614 100644
--- a/roles/bacula-dir/templates/etc/bacula/bacula-dir.conf.j2
+++ b/roles/bacula-dir/templates/etc/bacula/bacula-dir.conf.j2
@@ -79,7 +79,7 @@ JobDefs {
Runs On Success = yes
Runs On Failure = yes
Runs When = after
- Command = "/usr/bin/find /var/lib/bacula/tmp -type f -name '*.ldif' -delete"
+ Command = "/usr/bin/find /var/lib/bacula/tmp -type f \( -name '*.ldif' -o -name 'slapd-*' \) -delete"
}
Pool = database
Priority = 20
diff --git a/roles/common-LDAP/files/usr/local/sbin/slapcat-all.sh b/roles/common-LDAP/files/usr/local/sbin/slapcat-all.sh
index cd5abd9..db128c9 100755
--- a/roles/common-LDAP/files/usr/local/sbin/slapcat-all.sh
+++ b/roles/common-LDAP/files/usr/local/sbin/slapcat-all.sh
@@ -1,20 +1,31 @@
#!/bin/sh
# Usage: slapcat-all.sh DIR
-# Save all LDAP databases in DIR: DIR/0.ldif, DIR/1.ldif, ...
+# Save all LDAP databases in DIR: DIR/SUFFIX0.ldif, DIR/SUFFIX1.ldif, ...
set -ue
-PATH=/usr/sbin:/sbin:/usr/bin:/bin
+PATH="/usr/bin:/bin"
+export PATH
-target="$1"
+TARGET="$1"
umask 0077
-prefix=slapcat-
-slapcat -n0 -l"$target/${prefix}0.ldif"
-n=$(grep -Ec '^dn:\s+olcDatabase={[1-9][0-9]*}' "$target/${prefix}0.ldif")
+ldapsearch() {
+ command ldapsearch -H "ldapi://" -QY EXTERNAL "$@"
+}
-while [ $n -gt 0 ]; do
- # the Monitor backend can't be slapcat(8)'ed
- grep -qE "^dn:\s+olcDatabase=\{$n\}monitor,cn=config$" "$target/${prefix}0.ldif" || slapcat -n$n -l"$target/${prefix}$n.ldif"
- n=$(( $n - 1 ))
-done
+backup_database() {
+ local base="$1"
+ ldapsearch -b "$base" \+ \* >"$TARGET/$base.ldif"
+}
+
+backup_database "cn=config"
+
+SUFFIXES="$TARGET/slapd-suffixes"
+ldapsearch -LLL -oldif-wrap="no" -b "cn=config" "(&(objectClass=olcDatabaseConfig)(objectClass=olcMdbConfig))" "olcSuffix" >"$SUFFIXES"
+sed -n -i "s/^olcSuffix:\\s*//p" "$SUFFIXES"
+
+while IFS= read -r b; do
+ [ "${b%,dc=fripost-test,dc=org}" = "$b" ] || continue
+ backup_database "$b"
+done <"$SUFFIXES"
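Review bot: Switching `backup_database` from slapcat(8) to ldapsearch(1) makes the dump subject to slapd's access controls, so any entry or attribute (password hashes, for instance) that the SASL EXTERNAL identity may not read is left out of `$TARGET/$base.ldif` while ldapsearch still exits 0 and `set -e` never fires. A server-side size limit should at least surface as a non-zero exit, but an ACL gap produces a backup that looks complete and cannot restore the directory. Whether the ldapi peer identity has unrestricted read access and no limits on every suffix is not visible in this commit, so I would state the requirement above the function, e.g. `# Unlike slapcat(8), ldapsearch(1) honours ACLs and size limits: the EXTERNAL identity needs full read access and no size limit on every suffix`. Separately, the `olcMdbConfig` filter silently skips databases on any other backend, and the `dc=fripost-test,dc=org` check skips that suffix without saying why; each deserves a one-line comment.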