
OS X Panther Server LDAP Backup Script

NOTE: If you are running Tiger or Leopard server use the built-in Archive function NOT this script.

This script automates the backup procedure for the LDAP database, Password Server database and NetInfo database as well as various configuration files on an OS X Server running 10.3.x. It basically just automates the hot backup procedure outlined in the Open Directory Administration manual from Apple starting on page 118.

This script has to run as root. I run it as a cron job monthly on my servers. I use Cronnix to run it from the System crontab. It will back up all the appropriate databases and put them in a compressed Disk Image file. It then deletes the folder of information, leaving only the Disk Image. I then have another script scp it to a secure location off-site.

When setting up the cron job in Cronnix I add the following (without quotes) so it will log the output of the script as well as the errors:

"> /Path/to/log/file 2>&1"

Please feel free to make changes, corrections, additions, etc to this script. If you make any cool changes or figure out how to add the things above I’d love to see them. You can email them to me at macstuff at beachdogs.org.

Instructions

Copy the script below into a text file. If you use TextEdit make sure it saves as a plain text file NOT an RTF file. Obviously you can also use pico or vi or any other UNIX editor. I recommend SubEthaEdit. Name it whatever you like but make sure it ends in “.sh”.
Put the script some place safe on the server.

You’ll probably have to add the execute bit to it at the command line:
1. Open Terminal
2. cd to the directory you’ve placed the script in
3. type the following (assuming you aren’t logged in as root): sudo chmod ug+x name_of_the_script.sh

Now the script is executable. If you want to run it from the command line, add “./” (no quotes) before the name of the script. This assumes you are already in the directory where the script is located. If you aren’t logged in as root add “sudo” to the beginning of that line.

Root:
./name_of_the_script.sh

Admin user:
sudo ./name_of_the_script.sh

IMPORTANT NOTE: If you plan on running this as a cron job you need to include the following. Otherwise your final disc image will end up unmountable.

Cron wants to run all its commands using the SH shell, even when the shell is explicitly called in the script.
To have cron run in the shell of your choice do the following:
• su to the root account
• create a text file called .profile.cron in the home directory
• Enter the following in the file:

  SHELL=/bin/bash

• Save the file
In the head of the script you are running put the following in place of “#!/bin/bash”:

. /var/root/.profile.cron (Note the dot with the space before the path)

This applies to running system cron jobs. Running cron jobs from your own account will require a different path for the .profile.cron file. You can also call your own .profile file instead of creating a new one.

The Script:

#!/bin/bash
the_date=`date '+%m-%d-%y'`
the_name=ldap_backup_$the_date

#The backup holds password and Kerberos data, so everything created below is owner-only
umask 077

#This makes the folder in the root home directory
mkdir ~/$the_name
#Stop here if the folder is unusable, so nothing gets written to the wrong place
cd ~/$the_name || exit 1

#Adds header information to a log
echo 'LDAP Backup Script '$the_date
echo '---------------------------'

#Backs up the LDAP Directory
echo 'backing up ldif'
slapcat -l backup.ldif

#Backs up the openldap folder
echo 'backing up the openldap folder'
ditto /etc/openldap ~/$the_name/openldap

#Backs up the Password database
echo 'backing up the password db'
mkdir -p ~/$the_name/pword_backup
mkpassdb -backupdb ~/$the_name/pword_backup

#Backs up all the Directory Services settings on the server
echo 'copying the DirectoryService folder'
cp -R /Library/Preferences/DirectoryService ~/$the_name/DirectoryService

#Makes a copy of the hostconfig file
echo 'copying the hostconfig file'
cp /etc/hostconfig ~/$the_name/hostconfig

#Does a dump of the local NetInfo domain
echo 'backing up the local NetInfo domain'
nidump -r / . > local.dump

#Backs up the Kerberos KDC
echo 'backing up the Kerberos KDC'
kdb5_util dump ~/$the_name/kdb.dump

#Makes a compressed Disk Image of everything we just backed up
echo 'creating a compressed disk image of the files'
hdiutil create -srcfolder ~/$the_name -nouuid -format UDZO -imagekey zlib-level=9 ~/$the_name.dmg

#Gets rid of the folder so only the Disk Image remains
echo 'deleting the directory after creating the disk image'
cd ..
rm -rf ~/$the_name

#Locks down permissions on the Disk Image file (o-r alone would leave group access in place)
echo 'Changing Permissions so that only the owner can read the file'
chmod 600 ~/$the_name.dmg

#Adds a completion time to the log
enddate=`date`
echo ' '
echo 'script completed '$enddate
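
One way to check the result before the off-site copy, as an added example that is not part of the original script: it confirms the Disk Image is non-empty, owned by the invoking user and closed to group and others, and that the cron log shows a complete run. The function names and the two paths passed in are assumptions; the log strings are the script's own echo lines.

```shell
#!/bin/bash
# Added example, not the author's code. Usage (paths are the caller's choice):
#   ./check_backup.sh /var/root/ldap_backup_MM-DD-YY.dmg /Path/to/log/file

# True only when the mode string grants nothing to group or others.
# Characters 5-10 of "ls -l" output are the group and other permission bits.
image_is_private() {
    mode=$(ls -lnd "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# True only when every step the backup script announces is in the log.
# The cron redirect uses ">" so the log holds the latest run only.
log_shows_complete_run() {
    for step in 'backing up ldif' \
                'backing up the password db' \
                'backing up the Kerberos KDC' \
                'creating a compressed disk image of the files' \
                'script completed'; do
        grep -qF -- "$step" "$1" || {
            echo "log is missing: $step" >&2
            return 1
        }
    done
}

# Returns 0 when the image is safe to ship, otherwise:
#   1 = image missing, empty or not owned by the invoking user
#   2 = image readable or writable by group or others
#   3 = log does not show a complete run
verify_backup() {
    image=$1
    log=$2
    if [ ! -s "$image" ] || [ ! -O "$image" ]; then
        echo "image missing, empty or not ours: $image" >&2
        return 1
    fi
    image_is_private "$image" || {
        echo "image is accessible beyond its owner: $image" >&2
        return 2
    }
    log_shows_complete_run "$log" || return 3
}

if [ "$#" -eq 2 ]; then
    verify_backup "$1" "$2"
fi
```

Run it as root between the backup job and the scp step, and skip the transfer on any non-zero exit status.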
