diff --git a/docs/roles/debian/ldap_server.md b/docs/roles/debian/ldap_server.md
index 2bcd0b378..62421b9be 100644
--- a/docs/roles/debian/ldap_server.md
+++ b/docs/roles/debian/ldap_server.md
@@ -82,6 +82,8 @@ ldap_server:
 purge: false
 backup: false # set to true to create local backups of LDAP
 backup_path: /opt/slap-bak
+ backup_script: /usr/local/bin/slap-bak # full filename of the backup script
+ slapcat_path: /usr/sbin # path to the location of slapcat on the server
 on_calendar: "*-*-* 23:45:00" # see systemd.time documentation - https://www.freedesktop.org/software/systemd/man/latest/systemd.time.html#Calendar%20Events
 # TLS settings in LDAP are not separately handled, you need to manually set it up or use the config import feature.
 # If you use 'manual' SSL handling you need to provide a separate CA certificate.
diff --git a/roles/debian/ldap_server/README.md b/roles/debian/ldap_server/README.md
index 2bcd0b378..62421b9be 100644
--- a/roles/debian/ldap_server/README.md
+++ b/roles/debian/ldap_server/README.md
@@ -82,6 +82,8 @@ ldap_server:
 purge: false
 backup: false # set to true to create local backups of LDAP
 backup_path: /opt/slap-bak
+ backup_script: /usr/local/bin/slap-bak # full filename of the backup script
+ slapcat_path: /usr/sbin # path to the location of slapcat on the server
 on_calendar: "*-*-* 23:45:00" # see systemd.time documentation - https://www.freedesktop.org/software/systemd/man/latest/systemd.time.html#Calendar%20Events
 # TLS settings in LDAP are not separately handled, you need to manually set it up or use the config import feature.
 # If you use 'manual' SSL handling you need to provide a separate CA certificate.
diff --git a/roles/debian/ldap_server/defaults/main.yml b/roles/debian/ldap_server/defaults/main.yml
index 249fff7ec..6924e7741 100644
--- a/roles/debian/ldap_server/defaults/main.yml
+++ b/roles/debian/ldap_server/defaults/main.yml
@@ -16,6 +16,8 @@ ldap_server:
 purge: false
 backup: false # set to true to create local backups of LDAP
 backup_path: /opt/slap-bak
+ backup_script: /usr/local/bin/slap-bak # full filename of the backup script
+ slapcat_path: /usr/sbin # path to the location of slapcat on the server
 on_calendar: "*-*-* 23:45:00" # see systemd.time documentation - https://www.freedesktop.org/software/systemd/man/latest/systemd.time.html#Calendar%20Events
 # TLS settings in LDAP are not separately handled, you need to manually set it up or use the config import feature.
 # If you use 'manual' SSL handling you need to provide a separate CA certificate.
diff --git a/roles/debian/ldap_server/tasks/main.yml b/roles/debian/ldap_server/tasks/main.yml
index e9a2ae55c..709e454a0 100644
--- a/roles/debian/ldap_server/tasks/main.yml
+++ b/roles/debian/ldap_server/tasks/main.yml
@@ -169,7 +169,7 @@
 - name: Create the slapd backup script.
 ansible.builtin.template:
 src: slap-bak.j2
- dest: /usr/local/bin/slap-bak
+ dest: "{{ ldap_server.config.backup_script }}"
 owner: root
 group: root
 mode: 0755
@@ -181,6 +181,6 @@
 vars:
 timers:
 slapd_backups:
- timer_command: "/usr/local/bin/slap-bak && find /opt/slap-bak/ -type f -mtime +60 -print0 | xargs -0 -r rm"
+ timer_command: "{{ ldap_server.config.backup_script }} &> ldap-backup-$( date +%y%m%d-%H%M ).log && find {{ ldap_server.config.backup_path }}/ -type f -mtime +60 -print0 | xargs -0 -r rm"
 timer_OnCalendar: "{{ ldap_server.config.on_calendar }}"
 when: ldap_server.config.backup
diff --git a/roles/debian/ldap_server/templates/slap-bak.j2 b/roles/debian/ldap_server/templates/slap-bak.j2
index 6ab8b38f2..759107f86 100644
--- a/roles/debian/ldap_server/templates/slap-bak.j2
+++ b/roles/debian/ldap_server/templates/slap-bak.j2
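Review bot: In roles/debian/ldap_server/tasks/main.yml the template `dest:` now comes from `ldap_server.config.backup_script` without any validation, and the file is installed root-owned with mode 0755 and then run by the backup timer. The same gap applies to `backup_path` in the `timer_command` hunk, where it is interpolated unquoted into `find … | xargs -0 -r rm`, and to `slapcat_path` in templates/slap-bak.j2; an empty `backup_path`, for example, renders the cleanup as `find / -type f -mtime +60`. I would add an `ansible.builtin.assert` ahead of this task that all three values are absolute paths, e.g. `that: ldap_server.config.backup_path is abs and ldap_server.config.backup_path != '/'`, and narrow the cleanup to the files the script creates with `-name 'ldap-*.ldif.gz'`. The task may continue past the last line of the hunk.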
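Review bot: The new `timer_command` in roles/debian/ldap_server/tasks/main.yml redirects with `&>`, which is a bash extension; if the timer role runs the command through `/bin/sh` (dash on Debian), it is read as `script &` followed by `> file`, so the backup runs in the background and the `&&` cleanup neither waits for it nor depends on its exit status. The log name is also relative, so it is written to whatever working directory the unit has and is never pruned by the `find` that follows. Either drop the redirect and let the journal capture the script's output, or use the portable form with an absolute path, `{{ ldap_server.config.backup_script }} > <absolute-log-path> 2>&1 && find …`. If this string is written into a unit file's `ExecStart=`, the `%` characters of the date format should also be checked against systemd specifier expansion (escaped as `%%`).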
@@ -1,11 +1,11 @@
 #!/bin/sh
 BACKUPDIR="{{ ldap_server.config.backup_path }}"
-mkdir -p "$BACKUPDIR"
+/usr/bin/mkdir -p "$BACKUPDIR"
 CONFIG_LDAPBK="ldap-config-$( date +%y%m%d-%H%M ).ldif"
-slapcat -n 0 > "$BACKUPDIR/$CONFIG_LDAPBK"
-gzip -9 "$BACKUPDIR/$CONFIG_LDAPBK"
+{{ ldap_server.config.slapcat_path }}/slapcat -n 0 > "$BACKUPDIR/$CONFIG_LDAPBK"
+/usr/bin/gzip -9 "$BACKUPDIR/$CONFIG_LDAPBK"
 DATA_LDAPBK="ldap-data-$( date +%y%m%d-%H%M ).ldif"
-slapcat -n 1 > "$BACKUPDIR/$DATA_LDAPBK"
-gzip -9 "$BACKUPDIR/$DATA_LDAPBK"
+{{ ldap_server.config.slapcat_path }}/slapcat -n 1 > "$BACKUPDIR/$DATA_LDAPBK"
+/usr/bin/gzip -9 "$BACKUPDIR/$DATA_LDAPBK"
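Review bot: The script in roles/debian/ldap_server/templates/slap-bak.j2 writes the `slapcat` dumps with whatever umask it inherits, and `mkdir -p` creates the directory with default permissions, so the config and data LDIFs (which normally contain password hashes and the `cn=config` credentials) may be readable by other local users unless the directory is locked down elsewhere. Add `umask 077` directly after the shebang. There is also no error check: if `slapcat` fails, the redirect still leaves an empty file that is gzipped and looks like a backup, so `set -e` or a test of each `slapcat` exit status is worth adding. The hard-coded `/usr/bin/mkdir` and `/usr/bin/gzip` assume a merged-/usr host; on an older Debian layout both live in `/bin`.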