Script for Edirectory Backup#

Based on our Edirectory Backup Strategy, we use a scrip to perform the backups.

The script will perform a FULL backup from both DSBK and LDIF on the value of variable "FULLBACKUPDOW". Every other day, an Incremental is performed.

The LDIF Incremental Backup is done based on any entry defined by the variable "LDAPPEOPLEBASE" that was modified in the last day.

The DSBK is a Incremental Backup as defined by Novell.

The script is expected to run on a server with eDirectory is installed.

The script can backup passwords to an LDIF by using Dump Password Information Tool-Command Line Options and setting the variable "PASSBKUP=TRUE".

Use Entirely at Your Own Risk Services.willeke.biz nor anyone else is responsible if you use a tool or any information on this site and causes damages to anyone or anything! You are required to read Our Standard Disclaimer

Usage#

Of course you must modify this to meet your specific needs.
#!/bin/bash
#
# SCRIPT: willeke-idv-edir-backup.sh
# AUTHOR: jim@willeke.com
# DATE:   01/03/11 15:04:32
T_VER=3.1B  # Script Version Number
#
# PLATFORM: SPECIFY: Linux
#
# REQUIREMENTS: 
# - You must create the directories used in the script:
# - You must be certain of the proper settings for the variables in the script.
# - Assumes that eDirectory is installed on the server it runs.
#
# PURPOSE: 
# Performs a dsbk and an LDIF backup on the server which the script runs.
#  Does FULL and incremental
#
# REV LIST:
#  DATE: 03/06/11 08:12:02
#        BY:   jim@Willeke.com
#        MODIFICATION: Describe what was modified, new features, etc--
#
#  DATE: 2011-08-16-07:02:10
#        BY:   jim@Willeke.com
#        MODIFICATION: 
#        Changed the backup directory to point to the san
#           From BACKUPDIR=/var/backups/edir
#           to: BACKUPDIR=/export/backups/idm/edir
#        Changed the backup directory to point to the san
#           From LOGDIR=/var/log/iam/edir
#           to: LOGDIR=/export/backups/idm/log
#        Commented out the Compression commands
#        Extracted variable DAYSTOKEEP so we could change the number of days to keep files.
#        Fixed minor bug where /var/backups/edir was hardcoded to use BACKUPDIR.
#        Changed T_VER=2.3B
#  DATE: 2011-08-28-07:36:52
#        BY:   jim@Willeke.com
#        MODIFICATION: 
#           Added abiity to backup passwords based on PASSBKUP
#
# set -n   # Uncomment to check script syntax, without execution.
#          # NOTE: Do not forget to put the # comment back in or
#          #       the shell script will never execute!
# set -x   # Uncomment to debug this shell script
#
##########################################################
#         DEFINE FILES AND VARIABLES HERE
##########################################################
# These first values will need to be set or verified for each host.
# path to eDIrectory bin directory defult is /opt/novell/eDirectory/bin
BINDIR=/opt/novell/eDirectory/bin
# Full path the the nds.conf config path
# Default for single instances: CONFIGFILE=/etc/opt/novell/eDirectory/conf/nds.conf
CONFIGFILE=/etc/opt/novell/eDirectory/conf/nds.conf
# Username to access the application server
USERNAME=admin.services.willeke.com
# LDAP Format Backup User 
LDAPBACKUPUSER="cn=admin,ou=services,dc=willeke,dc=com"
# Username to access the application server e.g. password
PASSWORD=itisasecret
# Put the backups under here
BACKUPDIR=/var/opt/novell/eDirectory/backups
# Put the logs files here
LOGDIR=/var/opt/novell/eDirectory/backups
# How long to allow for DSBK to run in seconds
BACKUPPAUSE=100
# LDAP Format of People Container
LDAPPEOPLEBASE="ou=people,dc=willeke,dc=com"
# Day of week that is full backups
FULLBACKUPDOW=Sunday
# Maintain DAYSTOKEEP FILES
DAYSTOKEEP=14
# Perform password backup
PASSBKUP=TRUE
# JAVA_HOME
JAVA_HOME=/opt/novell/eDirectory/lib/nds-modules/jre1.6.0_20
# Path to dumpup/DumpPasswordInformation.jar
DUMPUPPATH=/root/Documents/usr/local/share/willeke/dumpup
##########################################################
# The following should not normally need to be changed
##########################################################
THIS_SCRIPT=$(basename $0)
SINGLEBAR="......................................................................" 
DOUBLEBAR="======================================================================"
APPNAME=EDIRBACKUP
TREENAME=UNKNOWN
# Host name (or IP address) of application server e.g localhost
APPHOST=localhost
# Log File Name
LOGFILE=$LOGDIR/$APPNAME.log
# Set path so we know we always get the right executables
PATH=/usr/local/bin:/usr/bin:/bin
# Our Standard Date format for files
DATE=`date +%Y-%m-%d`	# Datestamp e.g 2002-09-21
# Get DOW
DOW=`date +%A`		# Day of the week e.g. Monday
# Get DOM
DOM=`date +%d`		# Date of the Month e.g. 27
# Get Month Name
M=`date +%B`		# Month e.g January
# GET WEEK NUMBER
W=`date +%V`		# Week Number e.g 37
# Create a LDAP formated date for yesterday
LDAPDATELESSONE="$(date -d 'yesterday' +%Y%m%d)010000Z"
##########################################################
#              DEFINE FUNCTIONS HERE
##########################################################
f_set_hostname()
if [ "$APPHOST" = "localhost" ]; then
	APPHOST=`hostname`
fi
##########################################################
#  Subroutine to gMake sure we have edirectory bin in path
##########################################################
f_add_edir_path()
if [ -f "$BINDIR/ndspath" ]
	then
		. $BINDIR/ndspath
else
	f_write_and_log "WARNING: Could not find . $BINDIR/ndspath"	
fi
##########################################################
#  Subroutine to get tree name from CONFIGFILE
##########################################################
f_get_treename_from_conf()
{
  TREENAME=`cat $CONFIGFILE | grep "n4u.base.tree-name="|cut -d= -f2`;
}
######################################################################
# Subroutine to Log to LOGFILE does not show to console
######################################################################
f_write_log ()
{
	if [ -n "$LOGFILE" -a -n "$*" ]
	then
		printf "$*\n" >> $LOGFILE
	fi
}
######################################################################
# Sends output to console and to $LOGFILE
######################################################################
f_write_and_log ()
{
	if [ -n "$*" ]
	then
		f_write_log "$*"
		printf "$*\n"
	fi
}
######################################################################
# Subroutine to echo & run command
# Sends output to console and to $LOGFILE
######################################################################
f_cmd ()
# arg_1 = Command to run
{
	f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'` $*"
	cmdOutput=`eval $*`; f_write_and_log "$cmdOutput"
}
######################################################################
# Subroutine to remove files older than X days
# Sends outpuit to console and to $LOGFILE
######################################################################
f_remove_old_files ()
{
  FILEEXTENSION=$2
  DELETEFILEPATH=$1
  f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`:  Deleting '$DELETEFILEPATH/$FILEEXTENSION' files older than $DAYSTOKEEP days ..."
  find $DELETEFILEPATH/ -name '$FILEEXTENSION' -mtime +$DAYSTOKEEP >> /tmp/$THIS_SCRIPT.tmp
  cat /tmp/$THIS_SCRIPT.tmp | while read delfil
  do 
    f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`:  Deleting file ${delfil}"
    f_cmd rm ${delfil}
  done
  [[ -s /tmp/$THIS_SCRIPT.tmp ]] && { rm /tmp/$THIS_SCRIPT.tmp ;}
}
######################################################################
# Subroutine be certain the required directories and files exist
######################################################################
f_checkfilelocations ()
{
	if [ ! -d "$BINDIR" ]
	then
		f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: $BINDIR does not exist can not continue"
		exit 1
	fi
	if [ ! -d "$BACKUPDIR" ]
	then
		f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: $BACKUPDIR does not exist can not continue"
		exit 1
	fi
	if [ ! -d "$LOGDIR" ]
	then
		f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: $LOGDIR does not exist can not continue"
		exit 1
	fi
	if [ ! -f "$CONFIGFILE" ]
	then
		f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: $CONFIGFILE does not exist can not continue"
		exit 1
	fi
	if [ ! -f "/etc/dsbk.conf" ]
	then
		f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: /etc/dsbk.conf does not exist can not continue"
		exit 1
	fi
   if [ $PASSBKUP='TRUE' ]
   then
   	if [ ! -d "$JAVA_HOME" ]
   	then
   		f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: $JAVA_HOME does not exist can not continue"
   		exit 1
   	fi
   	if [ ! -d "$DUMPUPPATH" ]
   	then
   		f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: $DUMPUPPATH does not exist can not continue"
   		exit 1
   	fi
   fi
	tcommand=`cat /etc/dsbk.conf`
	if [ ! -f "$tcommand" ]
	then
	  `touch $tcommand`
	fi
	f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: Found required config files and Directories"
}
######################################################################
# Subroutine watch file to see if it changes
######################################################################
f_wait_for_no_mods_on_file ()
{
  MYCHECKFILE=$1
  # Check to see if backup is complete
  sleep 10
  i=`ls -l $MYCHECKFILE | cut -d' ' -f6`
  sleep 10
  i2=`ls -l $MYCHECKFILE | cut -d' ' -f6`
 
  while [ $i -ne $i2 ]
  do
    sleep 60
    i=`ls -l $MYCHECKFILE | cut -d' ' -f6`
    sleep 60
    i2=`ls -l $MYCHECKFILE | cut -d' ' -f6`
  done
}
######################################################################
# Subroutine to dump passwords
######################################################################
f_dump_passwords ()
{
   if [ $PASSBKUP='TRUE' ]
   then
      f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: Captureing Passwords " 
      WHEREIAM=`pwd`
      $JAVA_HOME/bin/java -jar $DUMPUPPATH/DumpPasswordInformation.jar -dvAL  -h 192.168.1.7  -z 30000 -Z tls -D $LDAPBACKUPUSER -w $PASSWORD -b $LDAPPEOPLEBASE >/dev/null
      # Put the password ldif file in the correct place.
      mv $WHEREIAM/dumppasswordinformation.ldif $BACKUPDIR/dumppasswordinformation.ldif
      # add the output to the current log file
      cat $WHEREIAM/warn.log >> $LOGFILE
      # remove all the log files for passwords
      rm $WHEREIAM/debug.log
      rm $WHEREIAM/warn.log
      rm $WHEREIAM/error.log
      rm $WHEREIAM/output.log
    else
      f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: Captureing Passwords not enabled!" 
    fi
}
##########################################################
#               BEGINNING OF MAIN
##########################################################
f_set_hostname
f_add_edir_path
f_get_treename_from_conf
if [ $DOW = "$FULLBACKUPDOW" ]; then
  BACKUPTYPE=FULL
else
  BACKUPTYPE=INC
fi
LOGFILE=$LOGDIR/$APPNAME-$BACKUPTYPE.log
f_checkfilelocations
f_write_and_log "$DOUBLEBAR"
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: STARTED: $0 By User: $USER started $APPNAME on $APPHOST"
f_write_and_log "Backup of $APPNAME Server - $APPHOST to $BACKUPDIR See log at:$LOGFILE "
# Remove the previous temporary files.
rm /tmp/$APPNAME*
# Weekly Backup
if [ $BACKUPTYPE = "FULL" ]; then
  f_remove_old_files "$BACKUPDIR" "*.gz"
  f_remove_old_files "$LOGDIR" "*.log"
  f_remove_old_files "$BACKUPDIR" "*.dsbk"
  f_remove_old_files "$BACKUPDIR" "*.ldif"
  f_write_and_log "$BACKUPTYPE Backup of $APPNAME on $APPHOST"
  t_thisfile1=$DATE-$DOW-$TREENAME-$APPNAME-$APPHOST-$BACKUPTYPE
	# CMD="backup -b -e $PASSWORD -f $BACKUPDIR/$t_thisfile1.dsbk -l /tmp/$APPNAME-$BACKUPTYPE.log -t -w"
	f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: DSBK Backup initiated "
	# f_write_log "Command used: $CMD"
	$BINDIR/dsbk backup -b -e $PASSWORD -f $BACKUPDIR/$t_thisfile1.dsbk -l /tmp/$APPNAME-$BACKUPTYPE.log -t -w
	f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: Waiting $BACKUPPAUSE seconds  for DSBK backup to finish"
	sleep $BACKUPPAUSE
	cat /tmp/$APPNAME-$BACKUPTYPE.log >> $LOGFILE
	f_write_and_log "$SINGLEBAR"
	f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: LDIF Backup initiated "
	$BINDIR/ice -o -l  /tmp/$APPNAME-$BACKUPTYPE-LDIF.log -S LDAP -s $APPHOST -p 389 -d $LDAPBACKUPUSER -w $PASSWORD -b "" -F "(objectclass=*)" -c sub -D LDIF -f $BACKUPDIR/$t_thisfile1.ldif 
	cat /tmp/$APPNAME-$BACKUPTYPE-LDIF.log >> $LOGFILE
	f_write_and_log "$SINGLEBAR"
else
  # Daily Backup
  f_write_and_log "$BACKUPTYPE Backup of $APPNAME on $APPHOST"
  t_thisfile1=$DATE-$DOW-$TREENAME-$APPNAME-$APPHOST-$BACKUPTYPE
	# CMD="backup -i -e $PASSWORD -f $BACKUPDIR/$t_thisfile1.dsbk -l /tmp/$APPNAME-$BACKUPTYPE.log -t -w"
	# f_write "Command used: $CMD"
	f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: DSBK Backup initiated "
	$BINDIR/dsbk backup -i -e $PASSWORD -f $BACKUPDIR/$t_thisfile1.dsbk -l /tmp/$APPNAME-$BACKUPTYPE.log -t -w
	f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: Waiting $BACKUPPAUSE seconds  for backup to finish"
  sleep $BACKUPPAUSE
  cat /tmp/$APPNAME-$BACKUPTYPE.log >> $LOGFILE
  f_write_and_log "$SINGLEBAR"
  f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: LDIF Backup initiated See log at:$LOGDIR/$APPNAME-$BACKUPTYPE.log "
	$BINDIR/ice -o -l  /tmp/$APPNAME-$BACKUPTYPE-LDIF.log -S LDAP -s $APPHOST -p 389 -d $LDAPBACKUPUSER -w $PASSWORD -b $LDAPPEOPLEBASE -F "(&(objectclass=inetorgperson)(modifytimestamp>=$LDAPDATELESSONE))" -c sub -D LDIF -f $BACKUPDIR/$t_thisfile1.ldif  
	cat /tmp/$APPNAME-$BACKUPTYPE-LDIF.log >> $LOGFILE
	f_write_and_log "$SINGLEBAR"
fi
f_dump_passwords
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`:Compressing Files: " 
f_cmd tar cvzf $BACKUPDIR/$t_thisfile1.tar.gz $BACKUPDIR/$t_thisfile1.*
f_cmd rm $BACKUPDIR/$t_thisfile1.dsbk*
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: FINISHED: $0 on $APPHOST Check log file: $LOGFILE "
f_write_and_log "$DOUBLEBAR"

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-12) was last changed on 28-Jul-2014 11:37 by jim