diff --git a/backupninja b/backupninja
index a59d40067c9eafa3be4e183ee2d0f34ef2b34c9f..380ffcc37f0e1afd7f7ae8edada2f63fcb46b045 100755
--- a/backupninja
+++ b/backupninja
@@ -402,6 +402,7 @@ defaultwhen=$when
getconf logfile /var/log/backupninja.log
getconf usecolors "yes"
getconf SLAPCAT /usr/sbin/slapcat
+getconf LDAPSEARCH /usr/bin/ldapsearch
getconf RDIFFBACKUP /usr/bin/rdiff-backup
getconf MYSQL /usr/bin/mysql
getconf MYSQLHOTCOPY /usr/bin/mysqlhotcopy
diff --git a/changelog b/changelog
index bf891cd60b1d4f39add8fc3aa0f52d2d4f3b7180..1eefcd98642b4ba5c54f005851c430304a24dbf6 100644
--- a/changelog
+++ b/changelog
@@ -1,3 +1,8 @@
+version 0.x -- xxxxxxxxxxxxx
+ ldap handler has new options: backup method to use (ldapsearch or
+ slapcat), restart, passwordfile and binddn. Default backup method
+ is set to ldapsearch as this is safer
+
version 0.5 -- April 12 2005
rdiff handler works when remote sshd has a banner
rdiff handler supports local dest
diff --git a/etc/backup.d/example.ldap b/etc/backup.d/example.ldap
index 4491d12f02d57473c79993c8d0a736f5b26e2e82..ab48ad1e840740d079b64a75d6fd56e596e26f6a 100644
--- a/etc/backup.d/example.ldap
+++ b/etc/backup.d/example.ldap
@@ -18,3 +18,26 @@
## compress (default yes): if set to yes, ldif exports are gzipped.
# compress = yes
+
+## restart (default no): if set to yes, slapd is restarted before backups are
+## performed, and then started again after they have finished, this is necessary
+## if your backend is ldbm and your method is slapcat, but unnecessary otherwise
+# restart = no
+
+## method (default ldapsearch): either 'ldapsearch' or 'slapcat'
+## ldapsearch is the safer method to do backups, but is slow, slapcat
+## is much faster, but should not be done on an ldbm backend unless you have
+## restart set to yes
+# method = ldapsearch
+
+## passwordfile (no default): this should be set to the file that contains
+## your ldap password, this is required for ldapsearch and not needed for slapcat
+## this file should have no newlines in it, echo -n "password" > passfile works.
+## NOTE: be sure to set the permissions on your password file appropriately
+## (hint: world readable is not appropriate)
+# passwordfile =
+
+## binddn (no default): set this to the DN of the user that the ldapsearch binds
+## to, not needed for slapcat
+# binddn =
+
diff --git a/handlers/ldap b/handlers/ldap
index 9ead9d17db491fffa1860d54d197e596fa7bfd5d..e7895190e54cc9c5011dcaf45fad8f95222588e2 100644
--- a/handlers/ldap
+++ b/handlers/ldap
@@ -7,9 +7,10 @@ getconf conf /etc/ldap/slapd.conf
getconf databases all
getconf compress yes
getconf ldif yes
-getconf hotcopy no
-
-# hot copy is not yet supported
+getconf restart no
+getconf method ldapsearch
+getconf passwordfile
+getconf binddn
status="ok"
@@ -42,18 +43,39 @@ if [ "$ldif" == "yes" ]; then
if [ "$dbsuffix" == "" ]; then
continue;
fi
- touch $dumpdir/$dbsuffix.ldif
- if [ ! -f $dumpdir/$dbsuffix.ldif ]; then
- fatal "Couldn't create ldif dump file: $dumpdir/$dbsuffix.ldif"
+
+ if [ "$method" == "slapcat" ]; then
+ execstr="$SLAPCAT -f $conf -b $dbsuffix"
+ if [ "$restart" == "yes" ]; then
+ debug "Shutting down ldap server..."
+ /etc/init.d/slapd stop
+ fi
+ debug "$execstr"
+ else
+ execstr="$LDAPSEARCH -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile"
+ [ -f "$passwordfile" ] || fatal "Password file $passwordfile not found"
+ if [ "$restart" == "yes" ]; then
+ debug "Shutting down ldap server..."
+ /etc/init.d/slapd stop
+ fi
+ debug "$execstr"
fi
- execstr="$SLAPCAT -f $conf -b $dbsuffix -l $dumpdir/$dbsuffix.ldif"
- debug "$execstr"
if [ ! $test ]; then
- output=`$execstr`
+
+ touch $dumpdir/$dbsuffix.ldif
+ if [ ! -f $dumpdir/$dbsuffix.ldif ]; then
+ fatal "Couldn't create ldif dump file: $dumpdir/$dbsuffix.ldif"
+ fi
+
+ output=`$execstr > $dumpdir/$dbsuffix.ldif`
code=$?
if [ "$code" == "0" ]; then
debug $output
info "Successfully finished ldif export of $dbsuffix"
+ if [ "$restart" == "yes" ]; then
+ debug "Starting ldap server..."
+ /etc/init.d/slapd start
+ fi
else
warning $output
warning "Failed ldif export of $dbsuffix"