Affected NV Version: ALL
OS version: OSX
Plug-in version: N/A
Application Version: N/A
Description: This solution describes how to back up the Open Directory LDAP database (and the databases that go with it) on OS X Server.
This script automates the backup of the LDAP database, the Password Server database and the NetInfo database, as well as several configuration files, on an OS X Server running 10.3.x. It automates the hot backup procedure outlined in Apple's Open Directory Administration manual, starting on page 118.
This script has to run as root. I run it as a monthly cron job on my servers, using Cronnix to run it from the system crontab. It backs up all the appropriate databases and puts them in a compressed disk image file, then deletes the folder of information, leaving only the disk image. I then have another script scp it to a secure location off-site.
When setting up the cron job in Cronnix I append the following to the command (without quotes) so that both the output of the script and its errors are logged:
> /Path/to/log/file 2>&1
Please feel free to make changes, corrections, additions, etc to this script. If you make any cool changes or figure out how to add the things above I'd love to see them. You can email them to me at macstuff at beachdogs.org.
Copy the script below into a text file. If you use TextEdit, make sure it saves as a plain text file, NOT an RTF file. You can also use pico, vi or any other UNIX editor; I recommend SubEthaEdit. Name it whatever you like, but make sure the name ends in .sh.
Put the script somewhere safe on the server.
You'll probably have to add the execute bit to it at the command line:
1. Open Terminal.
2. cd to the directory where you placed the script.
3. Type the following (assuming you aren't logged in as root): sudo chmod ug+x name_of_the_script.sh
Now the script is executable. To run it from the command line, add ./ before the name of the script (this assumes you are already in the directory where the script is located). If you aren't logged in as root, put sudo at the beginning of the line: sudo ./name_of_the_script.sh
IMPORTANT NOTE: If you plan on running this as a cron job you need to do the following. Otherwise your final disk image will end up unmountable.
Cron does not read any shell profile: it starts every job with a minimal environment (PATH is just /usr/bin:/bin, so tools in /usr/sbin such as slapcat, mkpassdb and kdb5_util are not found). A script that starts with #!/bin/bash is still run by bash, but it inherits that sparse environment rather than the one you get in an interactive shell.
To give the cron job the environment of an interactive root shell, do the following:
su to the root account
Create a text file called .profile.cron in root's home directory (/var/root)
Enter the following in the file:
Save the file
At the head of the script you are running, directly after the #!/bin/bash line, put the following:
. /var/root/.profile.cron (note the dot and the space before the path; this sources the file into the running script)
This applies to jobs in the system crontab. Cron jobs run from your own account will need a different path for the .profile.cron file (your own home directory). You can also source your own .profile file instead of creating a new one.
#!/bin/bash
#Backs up the Open Directory databases on OS X Server 10.3.x; must run as root.
#The page does not show the variable definitions; the two below are assumed.
the_date=$(date +%Y%m%d)
the_name=ldap_backup_$the_date
#The dumps contain password hashes and Kerberos keys, so create everything owner-only
umask 077
#This makes the folder in the root home directory
mkdir -p ~/$the_name || exit 1
#Adds header information to a log
echo LDAP Backup Script $the_date
#Backs up the LDAP Directory (written into the backup folder, not the current directory)
echo backing up ldif
slapcat -l ~/$the_name/backup.ldif
#Backs up the openldap folder
echo backing up the openldap folder
ditto /etc/openldap ~/$the_name/openldap
#Backs up the Password database
echo backing up the password db
mkdir -p ~/$the_name/pword_backup
mkpassdb -backupdb ~/$the_name/pword_backup
#Backs up all the Directory Services settings on the server
echo copying the DirectoryService folder
cp -R /Library/Preferences/DirectoryService ~/$the_name/DirectoryService
#Makes a copy of the hostconfig file
echo copying the hostconfig file
cp /etc/hostconfig ~/$the_name/hostconfig
#Does a dump of the local NetInfo domain
echo backing up the local NetInfo domain
nidump -r / . > ~/$the_name/local.dump
#Backs up the Kerberos KDC
echo backing up the Kerberos KDC
kdb5_util dump ~/$the_name/kdb.dump
#Makes a compressed Disk Image of everything we just backed up
echo creating a compressed disk image of the files
#Stop here if the image cannot be created, so the folder is not deleted below
hdiutil create -srcfolder ~/$the_name -nouuid -format UDZO -imagekey zlib-level=9 ~/$the_name.dmg || { echo "disk image failed, leaving ~/$the_name in place"; exit 1; }
#Gets rid of the folder so only the Disk Image remains
echo deleting the directory after creating the disk image
rm -rf ~/$the_name
#Locks down permissions on the Disk Image file (mode 600: owner read/write, nobody else)
echo Changing Permissions so that only the owner can read the file
chmod 600 ~/$the_name.dmg
#Adds a completion time to the log
enddate=$(date)
echo script completed $enddate
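As an added example (not the page's own script), here is a wrapper for running the backup from the system crontab that addresses the cron environment problem described in the IMPORTANT NOTE above and the output logging mentioned earlier. Instead of sourcing a profile it sets PATH explicitly, checks that every tool the backup calls is actually on that PATH before starting, and logs start, end and exit status. The script path /var/root/bin/ldap_backup.sh, the log path and the crontab line are assumptions.

```shell
#!/bin/sh
# Added example, not the original page's code. Wrapper for running the LDAP backup
# script from the system crontab. Paths below are assumptions.
#
# Assumed crontab entry (2 AM on the 1st of each month), logging stdout and stderr:
#   0 2 1 * * /var/root/bin/ldap_backup_cron.sh /var/root/bin/ldap_backup.sh > /var/log/ldap_backup.log 2>&1

# Vixie cron starts jobs with PATH=/usr/bin:/bin and reads no profile. slapcat,
# mkpassdb and kdb5_util live in /usr/sbin, so set the PATH the script needs here.
PATH=/usr/sbin:/sbin:/usr/bin:/bin
export PATH
# The backup contains password hashes and Kerberos keys: make new files owner-only.
umask 077

# missing_tools PATH tool... : prints the tools that are not executable in any
# directory of PATH; returns 0 if all were found, 1 if any is missing.
missing_tools() {
    _path=$1; shift
    _missing=""
    for _tool in "$@"; do
        _found=0
        _oldifs=$IFS; IFS=:
        for _dir in $_path; do
            if [ -x "$_dir/$_tool" ]; then _found=1; break; fi
        done
        IFS=$_oldifs
        [ "$_found" -eq 1 ] || _missing="$_missing $_tool"
    done
    echo "${_missing# }"
    [ -z "$_missing" ]
}

# run_backup SCRIPT: refuse to start unless SCRIPT is executable and every tool the
# backup needs is on PATH; then run it and return its exit status.
run_backup() {
    _script=$1
    echo "=== $(date) LDAP backup start"
    if [ ! -x "$_script" ]; then
        echo "backup script $_script is missing or not executable"
        return 1
    fi
    _m=$(missing_tools "$PATH" slapcat mkpassdb nidump kdb5_util hdiutil ditto) || {
        echo "refusing to run: not found on PATH=$PATH: $_m"
        return 1
    }
    "$_script"
    _status=$?
    echo "=== $(date) LDAP backup finished, exit status $_status"
    return $_status
}

# With no argument this file only defines the functions; cron passes the script path.
if [ $# -eq 1 ]; then
    run_backup "$1"
    exit $?
fi
```

Because the wrapper refuses to run when a tool is not on PATH, a misconfigured cron environment shows up as a clear line in the log rather than as an empty ldif or a broken disk image discovered at restore time.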
Once the script above has created the disk image file, that file can then be backed up with the NetVault File System APM.