[LONG] Re: LDAP Server backups
mike.mazzolini@bankofamerica.com wrote:
> All,
> I am currently using the command line utility ldbmcat in order to
> generate a nightly version of my LDAP directory to an LDIF file for backup
> purposes. It is working every night but doesn't seem to dump the entire
> LDAP directory for some reason. I didn't realize this until one day I lost
> my LDAP server and needed to reimport the LDIF file.
My backup schemes:
1 master server, 2 public "slaves", one private slave. All Redhat Linux,
various versions. The slaves all have backup scripts, as well as being
"live" backups of the master. (Can you tell I once lost data and went down for
4 hours on a 20,000 user system? :-) )
Crontab on primary server:
------------
# 1:27 am daily LDIF backup
27 1 * * * root /usr/local/bin/ldap_backup daily > /dev/null 2>&1
# 3:32 am weekly LDIF backup (see other servers)
32 3 * * 0 root /usr/local/bin/ldap_backup weekly > /dev/null 2>&1
# 2:32 am monthly LDIF backup (see other servers)
32 2 15 * * root /usr/local/bin/ldap_backup monthly > /dev/null 2>&1
-------------
Crontab on "private slave" server:
-------------
# 1:02 am daily LDIF backup
02 1 * * * root /usr/local/bin/ldap_backup daily > /dev/null 2>&1
# 3:32 am weekly LDIF backup (see other servers)
32 3 * * 2 root /usr/local/bin/ldap_backup weekly > /dev/null 2>&1
# 2:32 am monthly LDIF backup (see other servers)
32 2 20 * * root /usr/local/bin/ldap_backup monthly > /dev/null 2>&1
--------------
Note that the different backups are offset from each other, which allows
me to maintain highest availability, as well as provide for a series
of different backups should any one (or two!) servers die or corrupt their
datafiles. I also use different database types... just in case. ;-)
My actual "ldap_backup" scripts are as follows, basically variants
on /etc/rc scripts.
On RedHat 7.0:
--------------
#!/bin/sh
#
# ldap This shell script takes care of starting and stopping
# ldap servers (slapd and slurpd) and generating backups
#
# chkconfig: - 39 61
# description: LDAP stands for Lightweight Directory Access Protocol, used \
# for implementing the industry standard directory services.
# processname: slapd
# config: /etc/openldap/slapd.conf
# pidfile: /var/run/slapd.pid

# Source function library.
. /etc/init.d/functions

slapd=/usr/sbin/slapd
slurpd=/usr/sbin/slurpd
[ -x ${slapd} ] || exit 0
[ -x ${slurpd} ] || exit 0

RETVAL=0
LDAPFILES=/var/lib/ldap

function start() {
    # Start daemons.
    echo -n "Starting slapd:"
    daemon ${slapd}
    RETVAL=$?
    echo
    if [ $RETVAL -eq 0 ]; then
        # slurpd is only needed when replication is configured.
        if grep -q "^replogfile" /etc/openldap/slapd.conf; then
            echo -n "Starting slurpd:"
            daemon ${slurpd}
            RETVAL=$?
            echo
        fi
    fi
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/ldap
    return $RETVAL
}

function stop() {
    # Stop daemons.
    echo -n "Shutting down ldap: "
    killproc ${slapd}
    RETVAL=$?
    if [ $RETVAL -eq 0 ]; then
        if grep -q "^replogfile" /etc/openldap/slapd.conf; then
            killproc ${slurpd}
            RETVAL=$?
        fi
    fi
    echo
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/ldap /var/run/slapd.args
    return $RETVAL
}

# See how we were called.
# Each backup stops the daemons, dumps the database to LDIF, then restarts.
case "$1" in
    daily)
        stop
        /usr/sbin/ldbmcat -n ${LDAPFILES}/id2entry.gdbm > ${LDAPFILES}/daily-ldif-backup
        start
        ;;
    weekly)
        stop
        /usr/sbin/ldbmcat -n ${LDAPFILES}/id2entry.gdbm > ${LDAPFILES}/weekly-ldif-backup
        start
        ;;
    monthly)
        stop
        /usr/sbin/ldbmcat -n ${LDAPFILES}/id2entry.gdbm > ${LDAPFILES}/monthly-ldif-backup
        start
        ;;
    *)
        echo "Usage: $0 {daily|weekly|monthly}"
        RETVAL=1
        ;;
esac
exit $RETVAL
-------------------------------------------
This one uses some RedHat 7 init.d functions, and gdbm.
My Redhat 6.2 box:
-------------------------------
#!/bin/sh
#
# ldap This shell script takes care of starting and stopping
# ldap servers (slapd and slurpd).
#
# chkconfig: - 39 61
# description: LDAP stands for Lightweight Directory Access Protocol, used \
# for implementing the industry standard directory services.
# processname: slapd
# config: /etc/openldap/slapd.conf
# pidfile: /var/run/slapd.pid

# Source function library.
. /etc/rc.d/init.d/functions

[ -f /usr/sbin/slapd ] || exit 0
[ -f /usr/sbin/slurpd ] || exit 0

LDAPFILES=/var/lib/ldap
RETVAL=0

function start(){
    # Start daemons.
    echo -n "Starting ldap: "
    daemon slapd
    RETVAL=$?
    if [ $RETVAL -eq 0 ]; then
        # slurpd is only needed when replication is configured.
        if grep -q "^replogfile" /etc/openldap/slapd.conf; then
            daemon slurpd
            RETVAL=$?
            [ $RETVAL -eq 0 ] && pidof slurpd | cut -f 1 -d " " > /var/run/slurpd
        fi
    fi
    echo
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/ldap
}

function stop(){
    # Stop daemons.
    echo -n "Shutting down ldap: "
    killproc slapd
    RETVAL=$?
    if [ $RETVAL -eq 0 ]; then
        if grep -q "^replogfile" /etc/openldap/slapd.conf; then
            killproc slurpd
            RETVAL=$?
        fi
    fi
    echo
    if [ $RETVAL -eq 0 ]; then
        rm -f /var/lock/subsys/ldap
        rm -f /var/run/slapd.args
    fi
}

# Each backup stops the daemons, dumps the database to LDIF, then restarts.
case "$1" in
    daily)
        stop
        /usr/sbin/ldbmcat -n ${LDAPFILES}/id2entry.dbb > ${LDAPFILES}/daily-ldif-backup
        start
        ;;
    weekly)
        stop
        /usr/sbin/ldbmcat -n ${LDAPFILES}/id2entry.dbb > ${LDAPFILES}/weekly-ldif-backup
        start
        ;;
    monthly)
        stop
        /usr/sbin/ldbmcat -n ${LDAPFILES}/id2entry.dbb > ${LDAPFILES}/monthly-ldif-backup
        start
        ;;
    *)
        echo "Usage: $0 {daily|weekly|monthly}"
        RETVAL=1
        ;;
esac
exit $RETVAL
----------------------------------------------
HTH,
-Ronabop
--2D426F70|759328624|00101101010000100110111101110000
Personal: ron@opus1.com, 520-326-6109, http://www.opus1.com/ron/
Work: rchmara@pnsinc.com, 520-546-8993, http://www.pnsinc.com/
The opinions expressed in this email are not necessarily those of myself,
my employers, or any of the other little voices in my head.
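
The question quoted at the top of this message describes a dump that was silently incomplete until restore time. The following is an added example, not part of the original post or of OpenLDAP: a check that a fresh LDIF dump is non-empty and has not shrunk before it replaces the previous backup. The function names, the ".new" suffix and the 90% threshold are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# default 90% threshold are assumptions chosen for illustration.

# Count entries in an LDIF file: each entry begins with a "dn:" line
# ("dn::" when the DN is base64-encoded). Folded continuation lines
# start with a space, so they never match.
ldif_entry_count() {
    grep -c '^dn:' "$1" 2>/dev/null || true
}

# install_backup NEW DEST [MIN_PERCENT]
# Replace DEST with NEW only if NEW contains entries and holds at least
# MIN_PERCENT of the entry count of the existing DEST.
# Returns: 0 installed, 1 NEW empty or unreadable, 2 NEW shrank, 3 chmod failed.
install_backup() {
    new=$1 dest=$2 min_pct=${3:-90}
    new_n=$(ldif_entry_count "$new")
    [ "${new_n:-0}" -gt 0 ] || return 1
    if [ -f "$dest" ]; then
        old_n=$(ldif_entry_count "$dest")
        old_n=${old_n:-0}
        # Integer form of: new_n / old_n >= min_pct / 100
        [ $((new_n * 100)) -ge $((old_n * min_pct)) ] || return 2
    fi
    # The dump contains userPassword values; keep it readable by root only.
    chmod 600 "$new" || return 3
    # rename() is atomic when NEW and DEST are on the same filesystem,
    # so a failed or partial dump never overwrites the last good backup.
    mv -f "$new" "$dest"
}

# Usage inside the "daily)" branch, in place of the direct redirect:
#   umask 077
#   /usr/sbin/ldbmcat -n "$LDAPFILES/id2entry.gdbm" > "$LDAPFILES/daily-ldif-backup.new"
#   install_backup "$LDAPFILES/daily-ldif-backup.new" "$LDAPFILES/daily-ldif-backup" \
#       || echo "ldap_backup: dump rejected, previous backup kept" >&2
```

Because the crontab entries send all output to /dev/null, a rejected dump should also be reported through the script's exit status or a mail or syslog hook.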