Saturday, February 4, 2012

LDAP backup with bacula

Backing up your LDAP directory with Bacula is very easy. You only need a script that exports the DIT to a file, and a job that backs up this file. To start, go into the Bacula configuration directory and define a new job:

# cd /opt/bacula/latest/etc/
# vi common/jobs.conf
...
Job {
  Name = "dc01_ldap"
  Type = Backup
  Client = bck01-fd
  Schedule = "WeeklyCycle"
  Storage = D240-File
  Pool = D240-File
  Messages = Standard
  Priority = 10
  Level = Full
  FileSet="ldap"
  RunBeforeJob = "/opt/bacula/latest/etc/scripts/make_ldap_backup.sh"
  RunAfterJob  = "/opt/bacula/latest/etc/scripts/delete_ldap_backup.sh"
}
...

Note the last two lines in the job definition: with these options, one script is started before the job runs and another after the job has finished. As the names suggest, the first script exports the LDAP DIT into a file and the second removes the file after the job has finished. Here are my scripts, first the script to export the LDAP DIT:

# vi /opt/bacula/latest/etc/scripts/make_ldap_backup.sh
#!/bin/bash
# The bind password contains a single quote, so it is double-quoted here.
/bin/ldapsearch -v -h 192.168.1.73 -p 389 -D 'cn=ldapadmin,dc=example,dc=com' -w "It'satrap!" -b 'dc=example,dc=com' -s sub 'objectClass=*' > /opt/bacula/latest/var/bacula/working/example.com.ldif

The above script will connect to 192.168.1.73 to fetch the DIT. Don't forget to use your own credentials, base, etc. (btw, I'm using the native Solaris 10 command here, not the OpenLDAP ldapsearch command). The DIT will be saved under /opt/bacula/latest/var/bacula/working/example.com.ldif - this is the file you have to back up with Bacula. Next, create the second script. This will remove the exported DIT again:

# vi /opt/bacula/latest/etc/scripts/delete_ldap_backup.sh
#!/bin/bash
rm /opt/bacula/latest/var/bacula/working/example.com.ldif

To finish the work on both scripts, make them executable:

# chmod 755 /opt/bacula/latest/etc/scripts/make_ldap_backup.sh
# chmod 755 /opt/bacula/latest/etc/scripts/delete_ldap_backup.sh

And test them:

# /opt/bacula/latest/etc/scripts/make_ldap_backup.sh
# ls -la /opt/bacula/latest/var/bacula/working/example.com.ldif
...
# /opt/bacula/latest/etc/scripts/delete_ldap_backup.sh
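
A hardened variant of the export step, as an added example that is not from the original post: the LDIF is written with owner-only permissions (an export done with an admin bind DN can contain password hashes), and a failed or truncated dump returns non-zero so that Bacula cancels the job in RunBeforeJob instead of backing up a bad file. The helper names verify_ldif and export_ldif are hypothetical, and the check assumes the base DN is printed unencoded as a "dn:" line.

```shell
#!/bin/sh
# Added example: hardened LDIF export for a Bacula RunBeforeJob script.
# verify_ldif and export_ldif are hypothetical helper names.
# Needs a POSIX grep (on Solaris 10: /usr/xpg4/bin/grep).

# Succeed only if the dump is non-empty, contains the base entry and
# grants no permissions to group or other.
verify_ldif() {
  file=$1 base=$2
  [ -s "$file" ] || { echo "empty or missing: $file" >&2; return 1; }
  # Assumption: the base DN appears unencoded as a "dn: <base>" line.
  grep -i -q -x -F "dn: $base" "$file" ||
    { echo "base entry '$base' not found in $file" >&2; return 1; }
  mode=$(ls -l "$file" | cut -c5-10)   # group and other permission bits
  [ "$mode" = "------" ] ||
    { echo "$file is accessible to group or other" >&2; return 1; }
}

# export_ldif OUT BASE CMD [ARGS...]
# Runs CMD with stdout redirected to a private temporary file, verifies
# the result and only then renames it to OUT. Any failure removes the
# temporary file and returns non-zero.
export_ldif() {
  out=$1 base=$2; shift 2
  tmp="$out.tmp.$$"
  rm -f "$tmp"
  ( umask 077; "$@" > "$tmp" ) || { rm -f "$tmp"; return 1; }
  verify_ldif "$tmp" "$base" || { rm -f "$tmp"; return 1; }
  mv -f "$tmp" "$out"
}

# In make_ldap_backup.sh the call would be (ldapsearch options as in the
# script above), with "|| exit 1" so a failure reaches Bacula:
#   export_ldif /opt/bacula/latest/var/bacula/working/example.com.ldif \
#     'dc=example,dc=com' /bin/ldapsearch ... || exit 1
```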

With the job and both scripts created, you need a fileset:

# vi common/fileset.conf
...
FileSet {
  Name = "ldap"
  Include {
    Options {
      signature = MD5
    }
    File = "/opt/bacula/latest/var/bacula/working/example.com.ldif"
  }
}
...

After all this, start bconsole and reload the config:

# bconsole
Connecting to Director bck01:9101
1000 OK: bck01-dir Version: 5.2.3 (16 December 2011)
Enter a period to cancel a command.
*reload

And try to run the job:

*run
...
The defined Job resources are:
...
     2: dc01_ldap
...
Job queued. JobId=71
...