nimrod · nimrod · nimrod · fe064fad · fe064fad · fe064fad
--- a/crond/crontab
+++ b/crond/crontab
 @weekly docker exec ldap_ldap_1 backup || wget --spider https://notify.shore.co.il/send?message=LDAP%20backup%20failed.
+@daily docker exec ldap_ldap_1 find /var/backups/ldap -atime +30 -delete
--- a/docker-compose.yml
+++ b/docker-compose.yml
-# vim:ff=unix:ts=2:sw=2:ai:expandtab
 ---
 version: '3.5'
 services:
@@ -6,7 +5,7 @@ services:
    environment:
      LDAP_BASE_DN: "ou=People,${LDAP_BASE_DN:-dc=shore,dc=co,dc=il}"
      LDAP_OBJECTS_DN: "dn"
-      LDAP_OPENLDAP: !!str true
+      LDAP_OPENLDAP: 'true'
      LDAP_REALM_NAME: shore.co.il authentication
      LDAP_USER_OBJECT_FILTER: "(&(objectclass=inetOrgPerson)(uid=%s))"
      SECRET_KEY: "${SECRET_KEY:-qwerty123}"
@@ -37,7 +36,7 @@ services:
    volumes:
      - _run_slapd:/run/slapd
      - ldap:/var/lib/ldap
-      - backup_ldap:/var/backups/ldap
+      - /var/backups/ldap:/var/backups/ldap
      - /var/ssl/dhparams:/var/ssl/dhparams:ro

  ldap-account-manager:
@@ -68,9 +67,6 @@ volumes:
  _run_slapd:
    name: run_slapd
  ldap:
-  backup_ldap:
-    labels:
-      snapshot: 'true'

 networks:
  default:

--- a/slapd/Dockerfile
+++ b/slapd/Dockerfile
-FROM debian:buster-slim
+FROM debian:bullseye-slim
 # hadolint ignore=DL3008
 RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
@@ -30,6 +30,7 @@ COPY --chown=root:root config.ldif /usr/share/slapd/
 COPY --chown=root:root skel.ldif /usr/share/slapd/
 COPY --chown=root:root entrypoint /usr/local/sbin/
 COPY --chown=root:root backup /usr/local/sbin/
+COPY --chown=root:root restore /usr/local/sbin/
 EXPOSE 389 636
 VOLUME [ "/var/lib/ldap" ]
 VOLUME [ "/run/slapd" ]

--- a/slapd/backup
+++ b/slapd/backup
 #!/bin/sh
 set -eux

+cleanup () {
+    rm -rf "$tempdir"
+}
+
 alias slapcat='slapcat -vF /var/lib/ldap/config'

-slapcat -n0 -l /var/backups/ldap/config.ldif
+now="$(date --utc --iso-8601=seconds)"
+trap 'cleanup' INT QUIT EXIT TERM
+tempdir="$(mktemp -d)"
+
+slapcat -n0 -l "$tempdir/config.ldif"

 for dn in $(ldapsearch -Y EXTERNAL -LLL -s base -b '' o namingContexts | sed -n '/namingContexts/ s/namingContexts: //gp')
 do
-    slapcat -b "$dn" -l "/var/backups/ldap/$dn.ldif"
+    slapcat -b "$dn" -l "$tempdir/$dn.ldif"
 done
+
+tar -zcf "/var/backups/ldap/$now.tar.gz" -C "$tempdir" .
--- a/slapd/restore
+++ b/slapd/restore
+#!/bin/sh
+set -eux
+
+cleanup () {
+    rm -rf "$tempdir"
+}
+
+alias slapadd='slapadd -vF /var/lib/ldap/config'
+
+src="$1"
+
+trap 'cleanup' INT QUIT EXIT TERM
+
+tempdir="$(mktemp -d)"
+
+tar -xzf "$src" -C "$tempdir"
+
+slapadd -c -n0 -l "$tempdir/config.ldif"
+
+# shellcheck disable=SC2044
+for file in $(find "$tempdir" -type f -name '*.ldif' \! -name config.ldif -printf '%f\n')
+do
+    dn="${file%.ldif}"
+    slapadd -c -b "$dn" -l "$tempdir/$file"
+done