Back up directory objects with ndsbackup
Often, when considering backups of directories, most people just think of losing a server. But the more common issue is objects in the directory getting deleted or improperly adjusted. This could be members of groups, users in the directory tree, or even whole sub-containers of objects. If someone accidentally deletes, say, 100 users and management is asking you how soon those accounts will be back, what is your answer? If you are running eDirectory and also performing regular ndsbackup jobs, you can restore all those users within about 5 minutes, with passwords and all the other attributes. Note: This utility will only run on Linux.
Prepping for using ndsbackup securely in scripts
You will need to run the ndsbackup command using an administrator-level account. You will want to write a script to run this from a cron job, but you don't want your password sitting out in that script. There is a wonderful little utility in eDirectory called ndspassstore that will store the password securely up in the directory. It is a simple step to run the following command on your server to store the password.
ndspassstore -a cn=admin.o=asgadmins -w password
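You will specify the username in the dotted eDir format, so it would be like admin.asgusers, for example. Also, if you change the admin user's password you will need to rerun the command with the new password. Keep in mind that a password typed after -w on the command line can also end up in your shell history.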
Performing a backup of all objects
The most basic backup will back up every object in the tree. Most of the time this is the backup you will want to perform regularly. I back up our objects nightly. One thing you might notice is that the command structure looks fairly similar to tar. You start with the command, then c to create a backup, then f followed by a file name to store the backup in. You can name the file whatever you want. I usually end it with a bak extension, but there is no defined rule for the file name. Next comes -a with your username, followed by -p passstore to use the password you stored using the command above. Finally, you have [Root] to tell the command to back everything up starting at the top of the tree.
ndsbackup cf mybackupfile.bak -a cn=admin.o=asgadmins -p passstore [Root]
Usually when I am testing the command to make sure it is working I will also put a v in the command to make it verbose (so cvf). That way you will see a line for each object being backed up as the command is running. Later when you put it in a script to run from cron you can leave out the v option. Running in verbose will cause the command to run slower because it has to write all the data to the screen. It is still very fast though.
So that is the basics of the backup command to create an object level backup of the directory. In my script I will use the date command to create part of the filename that is for that day. I also then will zip the file up to make it smaller. It will compress to a much smaller size. That way I can keep several weeks on the server. I have had a few times I did not get a report of the deletion of objects until a week or more after it happened. Better safe than sorry.
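#!/bin/bash
# Build the file name once so both commands use the same name, even across midnight.
backup_file="/data/backup/$(date +%Y-%m-%d)-ndsbackup.bak"
# Quote [Root] so the shell cannot expand it as a glob pattern.
ndsbackup cf "$backup_file" -a cn=admin.o=asgadmins -p passstore '[Root]'
gzip "$backup_file"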
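A hardened form of the nightly job, added here as an example and not the author's own script: it creates the archive owner-only because the backup carries password data, skips compression and pruning when ndsbackup fails, and deletes archives older than a retention window. BACKUP_DIR, KEEP_DAYS, NDSBACKUP_BIN and the --run argument are assumptions of this example; the ndsbackup arguments are the ones shown above.

```bash
#!/bin/bash
# Added example, not the author's script. BACKUP_DIR, KEEP_DAYS, NDSBACKUP_BIN and
# --run are assumed names; the ndsbackup arguments are the ones shown on the page.
BACKUP_DIR="${BACKUP_DIR:-/data/backup}"
KEEP_DAYS="${KEEP_DAYS:-28}"          # keep several weeks of nightly archives
NDSBACKUP_BIN="${NDSBACKUP_BIN:-ndsbackup}"
ADMIN_DN="cn=admin.o=asgadmins"

run_backup() {
    # The archive holds password data, so every file is created owner-only.
    umask 077
    local stamp file
    stamp="$(date +%Y-%m-%d)"         # computed once: same name for both steps
    file="$BACKUP_DIR/$stamp-ndsbackup.bak"
    # '[Root]' is quoted so the shell never expands it as a glob pattern.
    if ! "$NDSBACKUP_BIN" cf "$file" -a "$ADMIN_DN" -p passstore '[Root]'; then
        echo "ndsbackup failed; older archives left untouched" >&2
        rm -f "$file"                 # drop any partial output
        return 1
    fi
    gzip -f "$file" || return 1
    echo "$file.gz"
}

prune_old() {
    # Delete only archives matching this job's naming scheme, older than KEEP_DAYS.
    find "$BACKUP_DIR" -maxdepth 1 -type f -name '*-ndsbackup.bak.gz' \
        -mtime +"$KEEP_DAYS" -delete
}

nightly() {
    local archive
    archive="$(run_backup)" || return 1   # never prune after a failed backup
    prune_old
    echo "$archive"
}

# Run the job only when asked to, so the functions can also be sourced and tested.
if [ "${1:-}" = "--run" ]; then
    nightly
fi
```

From cron, call the script with --run; without that argument the file only defines the functions.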
So we now are backing up all the objects in the tree starting at the root. You can also back up just portions of the tree. Maybe you are getting ready to make a change to a lot of objects in a part of the tree. You can do a selective backup of just that part of the tree before you make the changes. All you need to do is specify the area of the tree, or object, in place of [Root] at the end of the command. So say you want to back up just the groups before making some major group membership adjustments. You could do the following.
ndsbackup cf groupbackup.bak -a cn=admin.o=asgadmins -p passstore ou=groups.o=asgorg
You can even back up just a specific user or group simply by specifying that object. So we could put in cn=bob.ou=users.o=asgorg to back up just an individual user for example.
Restoring objects to the tree
Obviously a backup is useless if you cannot restore from it. So we need to know how to restore from an ndsbackup file. What is extremely nice about ndsbackup is that it is an object level backup. So you can restore single objects to the directory like a single user, a single group, or a single printer for example.
The structure is basically the same for a restore as it is for a backup except for one thing. Instead of using c to create a backup you will use x to restore from the file to the directory. So let's say we need to restore an account for John. We simply specify the x switch, then the user's account DN at the end of the line, and the ndsbackup tool will search through the backup file until it finds the record for that one user and restore it to the directory. In the case of a user it will restore their password along with all other data. This is one thing that performing backups using an LDIF extract cannot do.
ndsbackup xf groupbackup.bak -a cn=admin.o=asgadmins -p passstore cn=john.ou=users.o=asgorg
Copyright © 2016