diff --git a/.drone.yml b/.drone.yml
deleted file mode 100644
index 5dd49ce..0000000
--- a/.drone.yml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-kind: pipeline
-name: default
-
-steps:
- - name: build image only
- image: plugins/docker
- settings:
- repo: eumau/openldap
- auto_tag: true
- dry_run: true
- when:
- ref:
- - refs/pull/**
- # event no anda (?)
- # event:
- # - pull_request
-
- - name: build and publish image
- image: plugins/docker
- settings:
- repo: eumau/openldap
- auto_tag: true
- username:
- from_secret: dockerhub_username
- password:
- from_secret: dockerhub_password
- when:
- branch:
- - master
diff --git a/Dockerfile b/Dockerfile
index 89604ff..8bde70b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM eumau/debian:buster-slim
+FROM eumau/debian:bookworm-slim
 
 # admin CN => dn: cn=%%ADMIN_CN%%,%%DOMAIN_DN%%
 ENV LDAP_ADMIN_CN="admin"
@@ -31,6 +31,7 @@ RUN apt-get update \
 ADD setup /start.d
 ADD confd /etc/confd/
 ADD entrypoint.sh /
+ADD ldap_backup ldap_restore /usr/local/sbin/
 
 EXPOSE 389
 
diff --git a/ldap_backup b/ldap_backup
new file mode 100755
index 0000000..7fd8edf
--- /dev/null
+++ b/ldap_backup
@@ -0,0 +1,15 @@
+#!/bin/bash
+assert(){ [[ $? -eq 0 ]] || { [[ -n ${1} ]] && echo ${@} ; exit 1 ; } }
+
+[[ -n "${LDAP_CONFIG_PASSWORD}" ]]
+assert "FATAL: Please set LDAP_CONFIG_PASSWORD and retry."
+
+# Count databases
+DB_COUNT=$(ldapsearch -D cn=admin,cn=config -w "${LDAP_CONFIG_PASSWORD}" -b cn=config -LLL "(olcDatabase=mdb)" dn | tr -s '\n' | wc -l)
+
+# Perform backup
+for i in $(seq 0 ${DB_INDEXES})
+do slapcat -n ${i} -l /var/backups/ldap/${i}.ldif
+done
+
+echo "Backed up ${DB_COUNT} databases in /var/backups/ldap."
diff --git a/ldap_restore b/ldap_restore
new file mode 100755
index 0000000..b237255
--- /dev/null
+++ b/ldap_restore
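Review bot: `ADD ldap_backup ldap_restore /usr/local/sbin/` copies two plain local files, for which `COPY` is the explicit instruction (hadolint DL3020); `ADD` differs only in tar auto-extraction and URL fetching, neither of which applies here. The pre-existing `ADD setup`, `ADD confd` and `ADD entrypoint.sh` lines have the same shape, so the cleanest change is `COPY ldap_backup ldap_restore /usr/local/sbin/` together with converting the three lines above in the same commit rather than leaving a mixed style. The new scripts call `ldapsearch`, `slapcat` and `slapadd`; the `RUN apt-get` block that installs packages lies outside this hunk, so I cannot confirm that `ldap-utils` is installed alongside `slapd` — worth checking, since `ldap_backup` needs `ldapsearch` for its database count.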
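Review bot: The backup loop `for i in $(seq 0 ${DB_INDEXES})` reads a variable that is never assigned (the count is stored in `DB_COUNT`), so `seq 0` expands to nothing, no `.ldif` file is written, and the closing echo still reports a successful backup. Assuming the databases are numbered 0 (cn=config) through `DB_COUNT`, which is the layout `ldap_restore` expects (`0.ldif` is cn=config, `1.ldif` the first database), the loop should be `for i in $(seq 0 "${DB_COUNT}")`, each `slapcat` should be followed by `assert "FATAL: slapcat failed for database ${i}."`, and a `mkdir -p /var/backups/ldap` before the loop would stop a missing target directory from failing silently. The `ldapsearch` call binds with `-D`/`-w` but without `-x`, which selects SASL rather than simple bind and is likely to fail in this image — verify, and add `-x` if so. Passing the secret via `-w` also exposes it in the process list; `-y` with a password file is the usual alternative.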
@@ -0,0 +1,46 @@
+#!/bin/bash
+assert(){ [[ $? -eq 0 ]] || { [[ -n ${1} ]] && echo ${@} ; exit 1 ; } }
+
+[[ -f /var/backups/ldap/0.ldif ]]
+assert "Unable to restore backup. Missing /var/backups/ldap/0.ldif backup of cn=config."
+
+[[ -f /var/backups/ldap/1.ldif ]]
+assert "Unable to restore backup. Missing /var/backups/ldap/1.ldif backup of first database."
+
+# Backup and clean existing config directory
+tar czf /var/backups/ldap/etc_ldap_slapd_d-$(date '+%Y-%m-%d').tar.gz /etc/ldap/slapd.d
+assert "FATAL: could not backup /etc/ldap/slapd.d before restoring."
+find /etc/ldap/slapd.d -delete
+assert "FATAL: could not clean /etc/ldap/slapd.d before restoring."
+
+# Backup and clean existing data directory
+tar czf /var/backups/ldap/var_lib_ldap-$(date '+%Y-%m-%d').tar.gz /var/lib/ldap
+assert "FATAL: could not backup /var/lib/ldap before restoring."
+find /var/lib/ldap -delete
+assert "FATAL: could not clean /var/lib/ldap before restoring."
+
+# Restore cn=config
+echo "Restoring cn=config..."
+slapadd -n 0 -F /etc/ldap/slapd.d -l /var/backups/ldap/0.ldif
+assert "FATAL: error restoring cn=config using slapadd."
+chown -R openldap:openldap /etc/ldap/slapd.d
+assert "FATAL: could not fix /etc/ldap/slapd.d permissions."
+
+for LDIF in /var/backups/ldap/*.ldif
+do
+ # Check if it's cn=config backup
+ if [[ "${LDIF}" == "/var/backups/ldap/0.ldif" ]]
+ then continue
+ else
+ INDEX=$(basename "${LDIF}" | sed 's/.ldif$//g')
+ [[ "${INDEX}" =~ ^[0-9]+$ ]]
+ assert "FATAL: could not determine the DB index for ${LDIF}."
+
+ echo "Restoring database ${INDEX}..."
+ slapadd -n ${INDEX} -F /etc/ldap/slapd.d -l "${LDIF}"
+ assert "FATAL: error restoring database ${INDEX} using slapadd."
+ fi
+done
+
+chown -R openldap:openldap /var/lib/ldap
+assert "FATAL: could not fix /var/lib/ldap permissions."
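Review bot: `find /etc/ldap/slapd.d -delete` and `find /var/lib/ldap -delete` remove the directories themselves, not just their contents, because `find` includes its starting point; the later `slapadd -F /etc/ldap/slapd.d` and the mdb restores then depend on slapadd recreating those directories, which I would not rely on for the mdb data directory, and the directories' original ownership and mode are lost until the trailing `chown -R`. Use `find /etc/ldap/slapd.d -mindepth 1 -delete` and `find /var/lib/ldap -mindepth 1 -delete` so only the contents are cleared. The script never checks that slapd is stopped, and running `slapadd` against a database slapd still has open is unsafe; a guard near the top that refuses to continue while slapd is running (for example via `pgrep -x slapd`, if procps is in the image) would prevent that. The pre-restore tarballs are named by date only, so a second restore on the same day silently overwrites the safety copy taken by the first; adding a time component to the `date` format avoids that.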