summaryrefslogtreecommitdiffstats
path: root/roles/common-LDAP/files/usr/local/sbin
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2020-05-26 21:09:33 +0200
committerGuilhem Moulin <guilhem@fripost.org>2020-05-26 21:26:45 +0200
commite54d34a84d2ee4526c301fee4e905891cb2d819a (patch)
tree58c31c9b25c67b5a652064ebcbf219f2776820bf /roles/common-LDAP/files/usr/local/sbin
parenta37de918998af826ae38a1575bacef87c0bf902d (diff)
slapcat-all.sh: Use ldapsearch(1) to generate the LDIF.
Unlike slapcat(1) it doesn't require write access to ~openldap, so we don't have to weaken bacula-fd.service.
Diffstat (limited to 'roles/common-LDAP/files/usr/local/sbin')
-rwxr-xr-xroles/common-LDAP/files/usr/local/sbin/slapcat-all.sh33
1 files changed, 22 insertions, 11 deletions
diff --git a/roles/common-LDAP/files/usr/local/sbin/slapcat-all.sh b/roles/common-LDAP/files/usr/local/sbin/slapcat-all.sh
index cd5abd9..db128c9 100755
--- a/roles/common-LDAP/files/usr/local/sbin/slapcat-all.sh
+++ b/roles/common-LDAP/files/usr/local/sbin/slapcat-all.sh
@@ -1,20 +1,31 @@
#!/bin/sh
# Usage: slapcat-all.sh DIR
-# Save all LDAP databases in DIR: DIR/0.ldif, DIR/1.ldif, ...
+# Save all LDAP databases in DIR: DIR/SUFFIX0.ldif, DIR/SUFFIX1.ldif, ...
set -ue
-PATH=/usr/sbin:/sbin:/usr/bin:/bin
+PATH="/usr/bin:/bin"
+export PATH
-target="$1"
+TARGET="$1"
umask 0077
-prefix=slapcat-
-slapcat -n0 -l"$target/${prefix}0.ldif"
-n=$(grep -Ec '^dn:\s+olcDatabase={[1-9][0-9]*}' "$target/${prefix}0.ldif")
+ldapsearch() {
+ command ldapsearch -H "ldapi://" -QY EXTERNAL "$@"
+}
-while [ $n -gt 0 ]; do
- # the Monitor backend can't be slapcat(8)'ed
- grep -qE "^dn:\s+olcDatabase=\{$n\}monitor,cn=config$" "$target/${prefix}0.ldif" || slapcat -n$n -l"$target/${prefix}$n.ldif"
- n=$(( $n - 1 ))
-done
+backup_database() {
+ local base="$1"
+ ldapsearch -b "$base" \+ \* >"$TARGET/$base.ldif"
+}
+
+backup_database "cn=config"
+
+SUFFIXES="$TARGET/slapd-suffixes"
+ldapsearch -LLL -oldif-wrap="no" -b "cn=config" "(&(objectClass=olcDatabaseConfig)(objectClass=olcMdbConfig))" "olcSuffix" >"$SUFFIXES"
+sed -n -i "s/^olcSuffix:\\s*//p" "$SUFFIXES"
+
+while IFS= read -r b; do
+ [ "${b%,dc=fripost-test,dc=org}" = "$b" ] || continue
+ backup_database "$b"
+done <"$SUFFIXES"