Sunday, 20 May 2012

OpenLDAP Backup on Ubuntu 12.04

I happen not to like losing data. Losing the whole user directory database is kind of a nightmare. So it's better to create some backup of the LDAP database.
(This article is also available in Hungarian)
If you installed your lovely OpenLDAP-server using the default Ubuntu 12.04 settings (as I did some time ago) there are two things to worry about:
  1. the folder /etc/ldap/slapd.d and
  2. the folder /var/lib/ldap/ .
Start with the first one. The content of this folder only changes when we change a setting on the OpenLDAP-server, which means there is a good chance it will not change during the backup process. You can turn this folder into a single file and vice versa using the following commands:
sudo slapcat -n 0 -F /etc/ldap/slapd.d > backup.ldif
sudo slapadd -n 0 -F /etc/ldap/slapd.d -l backup.ldif
One tiny problem is that the man-pages of slapcat and slapadd discourage the use of these commands while slapd is running. So we forget about the black magic of the previous two commands and stick to proven methods:
sudo tar cjf slapd.d.tar.bz2 -C / etc/ldap/slapd.d/
That's it. When restoring, make sure that the folder slapd.d is owned by openldap:openldap and has the rights drwxr-xr-x.

The second one is a bit more thrilling, as even if you only have a hundred users, someone's password will be changing at the very moment the backup is running. Or if it's not the password itself, it can be a failed logon attempt. So we are not doing the backup on file level. Instead we run:
sudo db5.1_hotbackup -c -h /var/lib/ldap/ -b ldapbackup
And with the freshly created ldapbackup folder you do as you like. When restoring, slapd is stopped while you copy the content of the folder back to its original place. The rights and owner of the folder are the same as we've seen for the folder slapd.d; the owner of the files inside is the same, and their rights are 600.
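A check to run after a restore, before starting slapd again, that reports any folder or file whose owner or rights differ from the values given above. This is an added example, not part of the original post; the function name check_restore and its argument order are assumptions, and it relies on GNU stat and find as shipped with Ubuntu.

```shell
#!/bin/sh
# check_restore DIR OWNER DIRMODE [FILEMODE]
#   DIR       restored folder
#   OWNER     expected user:group, e.g. openldap:openldap
#   DIRMODE   expected octal rights of DIR itself, e.g. 755
#   FILEMODE  expected octal rights of every regular file below DIR;
#             leave it out to check only the folder (as for slapd.d)
# Prints one line per deviation. Returns 0 if everything matches,
# 1 if something deviates, 2 if DIR does not exist.
check_restore() {
    dir=$1 owner=$2 dirmode=$3 filemode=${4:-}
    [ -d "$dir" ] || { echo "MISSING: $dir"; return 2; }
    bad=0

    # The folder itself: owner and rights in one comparison.
    got=$(stat -c '%U:%G %a' "$dir")
    if [ "$got" != "$owner $dirmode" ]; then
        echo "DIR  $dir: $got (want $owner $dirmode)"
        bad=1
    fi

    [ -n "$filemode" ] || return $bad

    # Every regular file below it; awk keeps only the lines that deviate.
    report=$(find "$dir" -type f -exec stat -c '%U:%G %a %n' {} + |
        awk -v want="$owner $filemode" \
            '(($1 " " $2) != want) { print "FILE " $0 " (want " want ")" }')
    if [ -n "$report" ]; then
        echo "$report"
        bad=1
    fi
    return $bad
}

# Typical calls with the values from the post:
#   check_restore /etc/ldap/slapd.d openldap:openldap 755
#   check_restore /var/lib/ldap     openldap:openldap 755 600
# When the script is started with arguments they are passed straight through.
if [ $# -ge 3 ]; then
    check_restore "$@"
fi
```

A non-zero exit status means slapd should stay stopped until the listed entries are fixed with chown and chmod.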

My little OpenLDAP quest is far from over:)
