Sunday, November 13, 2011

Backing up and restoring your LDAP

If you're using OpenLDAP with the BDB backend, you have two ways to back up your LDAP server:

1. from any client via ldapsearch
2. on the LDAP server via slapcat

To create a backup of your entire DIT you can run ldapsearch:

# ldapsearch -x -w password -D 'cn=ldapadmin,dc=example,dc=com' -b 'dc=example,dc=com' -LLL > backup.ldif

This will store the DIT in backup.ldif. The disadvantage is that you have to provide the bind password, which is awkward when the command needs to run unattended (e.g. from a cron job).

To restore the DIT, use ldapadd. First delete the existing DIT (the -r flag deletes the subtree recursively):

# ldapdelete -x -W -D 'cn=ldapadmin,dc=example,dc=com' 'dc=example,dc=com' -r
Enter LDAP Password:

Then use ldapadd to restore the entire DIT:

# ldapadd -x -W -D 'cn=ldapadmin,dc=example,dc=com' -f backup.ldif
Enter LDAP Password:
adding new entry "dc=example,dc=com"
adding new entry "ou=groups,dc=example,dc=com"
adding new entry "cn=users,ou=groups,dc=example,dc=com"
adding new entry "ou=users,dc=example,dc=com"
adding new entry "uid=sneill,ou=users,dc=example,dc=com"
adding new entry "uid=ajolie,ou=users,dc=example,dc=com"

The second method is slapcat. It runs locally on the LDAP server and reads the database files directly, so it needs no bind password. Log into your LDAP server and run:

# slapcat > backup.ldif

slapcat reads /etc/openldap/slapd.conf to find out where the database is stored:

# cat /etc/openldap/slapd.conf
database        bdb
directory       /var/lib/ldap/

Your complete DIT is now stored in backup.ldif. To test a restore, simulate a data loss: move the directory where the database is stored out of the way and recreate it empty:

# mv /var/lib/ldap /var/lib/ldap.data_loss
# mkdir -p /var/lib/ldap/

Now restore the database:

# slapadd < backup.ldif
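Because slapcat needs no bind password, it is the method to automate. The script below is an added example, not code from the original post: it wraps slapcat for a cron job, writes the dump with mode 0600 (the LDIF contains userPassword hashes), checks that the dump actually starts with the expected suffix before keeping it, and never replaces an older backup on failure. The backup directory and the base DN are assumptions taken from the post's example suffix.

```shell
#!/bin/sh
# Cron-safe slapcat backup with a sanity check on the resulting LDIF.
# Added example, not from the original post. BACKUP_DIR is an assumed path;
# BASE_DN is the suffix used in the post.
set -eu
umask 077   # the dump contains password hashes: owner-readable only

BACKUP_DIR="${BACKUP_DIR:-/var/backups/ldap}"   # assumed location
BASE_DN="${BASE_DN:-dc=example,dc=com}"

# Count entries in an LDIF file (one "dn:" line per entry).
ldif_entry_count() {
    grep -c '^dn:' "$1" || true
}

# Check that the first entry is the expected base DN, i.e. slapcat dumped the
# suffix we think it did (a misconfigured slapd.conf could yield another DIT).
ldif_has_base() {
    first_dn=$(awk '/^dn:/ { sub(/^dn:[ \t]*/, ""); print; exit }' "$1")
    [ "$first_dn" = "$2" ]
}

# Dump the DIT to a timestamped file. Writes to a temporary file first so a
# failed or empty slapcat run never overwrites a good backup. Prints the
# final path on success; returns non-zero on failure.
backup_ldap() {
    dir="$1"; base="$2"
    mkdir -p "$dir"
    tmp="$dir/backup.ldif.tmp.$$"
    out="$dir/backup-$(date +%Y%m%d%H%M%S).ldif"
    if ! slapcat > "$tmp" 2>/dev/null; then
        rm -f "$tmp"; echo "slapcat failed" >&2; return 1
    fi
    if ! ldif_has_base "$tmp" "$base" || [ "$(ldif_entry_count "$tmp")" -lt 1 ]; then
        rm -f "$tmp"; echo "dump does not start with $base, discarded" >&2; return 1
    fi
    mv "$tmp" "$out"
    echo "$out"
}

# Usage from cron:  sh ldap-backup.sh run
if [ "${1:-}" = "run" ]; then
    backup_ldap "$BACKUP_DIR" "$BASE_DN"
fi
```

When restoring a dump with slapadd, stop slapd first and make sure the recreated database directory and the files slapadd creates are owned by the account slapd runs as; slapadd run as root leaves root-owned files that slapd cannot open.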