diff --git a/crond/crontab b/crond/crontab
index 6f7374e294abbdfadfa5876a58313fa0d047693a..fb2522e1d69ca8d80f9b15251dcd945690f4052b 100644
--- a/crond/crontab
+++ b/crond/crontab
@@ -1 +1,2 @@
 @weekly docker exec ldap_ldap_1 backup || wget --spider https://notify.shore.co.il/send?message=LDAP%20backup%20failed.
+@daily docker exec ldap_ldap_1 find /var/backups/ldap -atime +30 -delete
diff --git a/docker-compose.yml b/docker-compose.yml
index 595c91a14cf4d02ca571a544e6c8a4c9e5aa4f7e..288677313107a210013665da0bd509001fdf732a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -37,7 +37,7 @@ services:
     volumes:
       - _run_slapd:/run/slapd
       - ldap:/var/lib/ldap
-      - backup_ldap:/var/backups/ldap
+      - /var/backups/ldap:/var/backups/ldap
       - /var/ssl/dhparams:/var/ssl/dhparams:ro
 
   ldap-account-manager:
@@ -68,9 +68,6 @@ volumes:
   _run_slapd:
     name: run_slapd
   ldap:
-  backup_ldap:
-    labels:
-      snapshot: 'true'
 
 networks:
   default:
diff --git a/slapd/Dockerfile b/slapd/Dockerfile
index 118c59e66dd09c2f1956df848999467b67e380a0..508aadef4e5986b0eec50740bfed2489c730c976 100644
--- a/slapd/Dockerfile
+++ b/slapd/Dockerfile
@@ -30,6 +30,7 @@ COPY --chown=root:root config.ldif /usr/share/slapd/
 COPY --chown=root:root skel.ldif /usr/share/slapd/
 COPY --chown=root:root entrypoint /usr/local/sbin/
 COPY --chown=root:root backup /usr/local/sbin/
+COPY --chown=root:root restore /usr/local/sbin/
 EXPOSE 389 636
 VOLUME [ "/var/lib/ldap" ]
 VOLUME [ "/run/slapd" ]
diff --git a/slapd/backup b/slapd/backup
index 9fe1ab22c8745780df911a96f74cc5ee051b8f14..dd6748f4fb54e5bb965100946be4f540377d706e 100755
--- a/slapd/backup
+++ b/slapd/backup
@@ -1,11 +1,21 @@
 #!/bin/sh
 set -eux
 
+cleanup () {
+    rm -rf "$tempdir"
+}
+
 alias slapcat='slapcat -vF /var/lib/ldap/config'
 
-slapcat -n0 -l /var/backups/ldap/config.ldif
+now="$(date --utc --iso-8601=seconds)"
+trap 'cleanup' INT QUIT EXIT TERM
+tempdir="$(mktemp -d)"
+
+slapcat -n0 -l "$tempdir/config.ldif"
 
 for dn in $(ldapsearch -Y EXTERNAL -LLL -s base -b '' o namingContexts | sed -n '/namingContexts/ s/namingContexts: //gp')
 do
-    slapcat -b "$dn" -l "/var/backups/ldap/$dn.ldif"
+    slapcat -b "$dn" -l "$tempdir/$dn.ldif"
 done
+
+tar -zcf "/var/backups/ldap/$now.ldif" -C "$tempdir" .
diff --git a/slapd/restore b/slapd/restore
new file mode 100755
index 0000000000000000000000000000000000000000..bcf29efe67793a6297ec591f0d61eb29ff4e573b
--- /dev/null
+++ b/slapd/restore
@@ -0,0 +1,25 @@
+#!/bin/sh
+set -eux
+
+cleanup () {
+    rm -rf "$tempdir"
+}
+
+alias slapadd='slapadd -vF /var/lib/ldap/config'
+
+src="$1"
+
+trap 'cleanup' INT QUIT EXIT TERM
+
+tempdir="$(mktemp -d)"
+
+tar -xzf "$src" -C "$tempdir"
+
+slapadd -c -n0 -l "$tempdir/config.ldif"
+
+# shellcheck disable=SC2044
+for file in $(find "$tempdir" -type f -name '*.ldif' \! -name config.ldif -printf '%f\n')
+do
+    dn="${file%.ldif}"
+    slapadd -c -b "$dn" -l "$tempdir/$file"
+done