osixia / docker-openldap-backup

A docker image to run OpenLDAP, and make periodic backups 🐳

License: MIT License

Makefile 12.24% Shell 69.87% Dockerfile 17.89%
backup docker docker-image openldap

Contributors: apanagiotou, bertrandgouny

docker-openldap-backup's Issues

docker container stuck in `restarting`

I have the issue that the docker container is stuck in restarting after docker-compose down and docker-compose up -d.

CONTAINER ID   IMAGE                                    COMMAND                  CREATED          STATUS                         PORTS                                       NAMES
44bf1c1e0fee   osixia/openldap-backup:1.5.0             "/container/tool/run"    21 seconds ago   Restarting (1) 2 seconds ago                                               openldap

The compose file looks like:

version: "3.5"
services:
  openldap:
    restart: unless-stopped
    image: osixia/openldap-backup:1.5.0
    networks:
      - docker-netzwerk
    container_name: openldap
    environment:
      - TZ=Europe/Berlin
      - MAX_UPLOAD_SIZE=100M
      - LDAP_ORGANISATION=${LDAP_ORGANISATION}
      - LDAP_DOMAIN=${LDAP_DOMAIN}
      - LDAP_CONFIG_PASSWORD=config
      - LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
      - BASE_DN=${BASE_DN}
      - ENABLE_READONLY_USER=false
      - READONLY_USER_USER=reader
      - READONLY_USER_PASS=reader
      #      - NETWORK_ACCESS=internal
      - LDAP_OPENLDAP_UID=1012
      - LDAP_OPENLDAP_GID=1000
      - LDAP_BACKEND=mdb
      - LDAP_BACKUP_CONFIG_CRON_EXP=0 4 * * *
      - LDAP_BACKUP_DATA_CRON_EXP=0 4 * * * # 4:00h am
      - LDAP_BACKUP_TTL=90 # keep for 90 days
    ports:
      - 389:389
    volumes:
      - ./backup:/data/backup
      - ./var/lib/ldap:/var/lib/ldap
      - ./etc/ldap/slapd.d:/etc/ldap/slapd.d

  phpldapadmin:
    restart: unless-stopped
    image: osixia/phpldapadmin:0.9.0
    container_name: phpldapadmin
    networks:
      - docker-netzwerk
    links:
      - openldap
        #    ports:
        #      - 6443:443
    environment:
      #  - MAX_UPLOAD_SIZE=100M
      - VIRTUAL_HOST=${VIRTUAL_HOST}
      - CERT_NAME=shared
      - VIRTUAL_PROTO=https
      - VIRTUAL_PORT=443
      - PHPLDAPADMIN_LDAP_HOSTS=openldap
      - NETWORK_ACCESS=internal
    # - PHPLDAPADMIN_HTTPS=false
    volumes:
      - ./phpldapadmin/:/container/service/phpldapadmin/assets/config/
      - ./php.ini:/etc/php/7.3/cli/php.ini
      - ./php.ini:/etc/php/7.3/fpm/php.ini

networks:
  docker-netzwerk:
    external:
      name: docker-netzwerk

And the logs look like

PS C:\Users\xgvnhow\Documents\Git-RD\docker-files-prod-B\openldap> docker logs openldap
***  INFO   | 2022-07-14 15:18:50 | CONTAINER_LOG_LEVEL = 3 (info)
***  INFO   | 2022-07-14 15:18:50 | Search service in CONTAINER_SERVICE_DIR = /container/service :
***  INFO   | 2022-07-14 15:18:50 | link /container/service/:cron/startup.sh to /container/run/startup/:cron
***  INFO   | 2022-07-14 15:18:50 | link /container/service/:cron/process.sh to /container/run/process/:cron/run
***  INFO   | 2022-07-14 15:18:50 | link /container/service/:logrotate/startup.sh to /container/run/startup/:logrotate
***  INFO   | 2022-07-14 15:18:50 | link /container/service/:ssl-tools/startup.sh to /container/run/startup/:ssl-tools
***  INFO   | 2022-07-14 15:18:50 | link /container/service/:syslog-ng-core/startup.sh to /container/run/startup/:syslog-ng-core
***  INFO   | 2022-07-14 15:18:50 | link /container/service/:syslog-ng-core/process.sh to /container/run/process/:syslog-ng-core/run
***  INFO   | 2022-07-14 15:18:50 | link /container/service/slapd/startup.sh to /container/run/startup/slapd
***  INFO   | 2022-07-14 15:18:50 | link /container/service/slapd/process.sh to /container/run/process/slapd/run
***  INFO   | 2022-07-14 15:18:50 | link /container/service/slapd-backup/startup.sh to /container/run/startup/slapd-backup
***  INFO   | 2022-07-14 15:18:50 | Environment files will be proccessed in this order :
Caution: previously defined variables will not be overriden.
/container/environment/98-default/default.yaml
/container/environment/99-default/default.startup.yaml
/container/environment/99-default/default.yaml

To see how this files are processed and environment variables values,
run this container with '--loglevel debug'
***  INFO   | 2022-07-14 15:18:50 | Running /container/run/startup/:cron...
***  INFO   | 2022-07-14 15:18:50 | Running /container/run/startup/:logrotate...
***  INFO   | 2022-07-14 15:18:50 | Running /container/run/startup/:ssl-tools...
***  INFO   | 2022-07-14 15:18:50 | Running /container/run/startup/:syslog-ng-core...
***  INFO   | 2022-07-14 15:18:50 | Running /container/run/startup/slapd...
***  INFO   | 2022-07-14 15:18:50 | openldap user and group adjustments
***  INFO   | 2022-07-14 15:18:50 | get current openldap uid/gid info inside container
***  INFO   | 2022-07-14 15:18:50 | CUR_USER_UID (911) does't match LDAP_OPENLDAP_UID (1012), adjusting...
***  INFO   | 2022-07-14 15:18:50 | CUR_USER_GID (911) does't match LDAP_OPENLDAP_GID (1000), adjusting...
***  INFO   | 2022-07-14 15:18:50 | -------------------------------------
***  INFO   | 2022-07-14 15:18:50 | openldap GID/UID
***  INFO   | 2022-07-14 15:18:50 | -------------------------------------
***  INFO   | 2022-07-14 15:18:50 | User uid: 1012
***  INFO   | 2022-07-14 15:18:50 | User gid: 1000
***  INFO   | 2022-07-14 15:18:50 | uid/gid changed: true
***  INFO   | 2022-07-14 15:18:50 | -------------------------------------
***  INFO   | 2022-07-14 15:18:50 | updating file uid/gid ownership
***  INFO   | 2022-07-14 15:18:51 | Start OpenLDAP...
***  ERROR  | 2022-07-14 15:18:51 | /container/run/startup/slapd failed with status 1

***  INFO   | 2022-07-14 15:18:51 | Killing all processes...
***  INFO   | 2022-07-14 15:18:55 | CONTAINER_LOG_LEVEL = 3 (info)
***  INFO   | 2022-07-14 15:18:55 | Search service in CONTAINER_SERVICE_DIR = /container/service :
***  INFO   | 2022-07-14 15:18:55 | link /container/service/:cron/startup.sh to /container/run/startup/:cron
*** WARNING | 2022-07-14 15:18:55 | failed to link /container/service/:cron/startup.sh to /container/run/startup/:cron: [Errno 17] File exists: '/container/service/:cron/startup.sh' -> '/container/run/startup/:cron'
***  INFO   | 2022-07-14 15:18:55 | link /container/service/:cron/process.sh to /container/run/process/:cron/run
*** WARNING | 2022-07-14 15:18:55 | directory /container/run/process/:cron already exists
*** WARNING | 2022-07-14 15:18:55 | failed to link /container/service/:cron/process.sh to /container/run/process/:cron/run : [Errno 17] File exists: '/container/service/:cron/process.sh' -> '/container/run/process/:cron/run'
***  INFO   | 2022-07-14 15:18:55 | link /container/service/:logrotate/startup.sh to /container/run/startup/:logrotate
*** WARNING | 2022-07-14 15:18:55 | failed to link /container/service/:logrotate/startup.sh to /container/run/startup/:logrotate: [Errno 17] File exists: '/container/service/:logrotate/startup.sh' -> '/container/run/startup/:logrotate'    
***  INFO   | 2022-07-14 15:18:55 | link /container/service/:ssl-tools/startup.sh to /container/run/startup/:ssl-tools
*** WARNING | 2022-07-14 15:18:55 | failed to link /container/service/:ssl-tools/startup.sh to /container/run/startup/:ssl-tools: [Errno 17] File exists: '/container/service/:ssl-tools/startup.sh' -> '/container/run/startup/:ssl-tools'    
***  INFO   | 2022-07-14 15:18:55 | link /container/service/:syslog-ng-core/startup.sh to /container/run/startup/:syslog-ng-core
*** WARNING | 2022-07-14 15:18:55 | failed to link /container/service/:syslog-ng-core/startup.sh to /container/run/startup/:syslog-ng-core: [Errno 17] File exists: '/container/service/:syslog-ng-core/startup.sh' -> '/container/run/startup/:syslog-ng-core'
***  INFO   | 2022-07-14 15:18:55 | link /container/service/:syslog-ng-core/process.sh to /container/run/process/:syslog-ng-core/run
*** WARNING | 2022-07-14 15:18:55 | directory /container/run/process/:syslog-ng-core already exists
*** WARNING | 2022-07-14 15:18:55 | failed to link /container/service/:syslog-ng-core/process.sh to /container/run/process/:syslog-ng-core/run : [Errno 17] File exists: '/container/service/:syslog-ng-core/process.sh' -> '/container/run/process/:syslog-ng-core/run'
***  INFO   | 2022-07-14 15:18:55 | link /container/service/slapd/startup.sh to /container/run/startup/slapd
*** WARNING | 2022-07-14 15:18:55 | failed to link /container/service/slapd/startup.sh to /container/run/startup/slapd: [Errno 17] File exists: '/container/service/slapd/startup.sh' -> '/container/run/startup/slapd'
***  INFO   | 2022-07-14 15:18:55 | link /container/service/slapd/process.sh to /container/run/process/slapd/run
*** WARNING | 2022-07-14 15:18:55 | directory /container/run/process/slapd already exists
*** WARNING | 2022-07-14 15:18:55 | failed to link /container/service/slapd/process.sh to /container/run/process/slapd/run : [Errno 17] File exists: '/container/service/slapd/process.sh' -> '/container/run/process/slapd/run'
***  INFO   | 2022-07-14 15:18:55 | link /container/service/slapd-backup/startup.sh to /container/run/startup/slapd-backup
*** WARNING | 2022-07-14 15:18:55 | failed to link /container/service/slapd-backup/startup.sh to /container/run/startup/slapd-backup: [Errno 17] File exists: '/container/service/slapd-backup/startup.sh' -> '/container/run/startup/slapd-backup'
***  INFO   | 2022-07-14 15:18:55 | Environment files will be proccessed in this order :
Caution: previously defined variables will not be overriden.
/container/environment/98-default/default.yaml
/container/environment/99-default/default.startup.yaml
/container/environment/99-default/default.yaml

To see how this files are processed and environment variables values,
run this container with '--loglevel debug'
***  INFO   | 2022-07-14 15:18:55 | Running /container/run/startup/:cron...
***  INFO   | 2022-07-14 15:18:55 | Running /container/run/startup/:logrotate...
***  INFO   | 2022-07-14 15:18:56 | Running /container/run/startup/:ssl-tools...
***  INFO   | 2022-07-14 15:18:56 | Running /container/run/startup/:syslog-ng-core...
***  INFO   | 2022-07-14 15:18:56 | Running /container/run/startup/slapd...
***  INFO   | 2022-07-14 15:18:56 | openldap user and group adjustments
***  INFO   | 2022-07-14 15:18:56 | get current openldap uid/gid info inside container
***  INFO   | 2022-07-14 15:18:56 | -------------------------------------
***  INFO   | 2022-07-14 15:18:56 | openldap GID/UID
***  INFO   | 2022-07-14 15:18:56 | -------------------------------------
***  INFO   | 2022-07-14 15:18:56 | User uid: 1012
***  INFO   | 2022-07-14 15:18:56 | User gid: 1000
***  INFO   | 2022-07-14 15:18:56 | uid/gid changed: false
***  INFO   | 2022-07-14 15:18:56 | -------------------------------------
***  INFO   | 2022-07-14 15:18:56 | updating file uid/gid ownership
***  INFO   | 2022-07-14 15:18:57 | Start OpenLDAP...
***  ERROR  | 2022-07-14 15:18:57 | /container/run/startup/slapd failed with status 1

***  INFO   | 2022-07-14 15:18:57 | Killing all processes...

Image interest

What's the point of this image and all these executed scripts?
Is it not as simple to just tar the mounted volumes and move the backup from a host to another?

backup doesn't work

Since osixia/openldap-backup:1.2.3 is having some startup issue, I used 1.2.2 instead.

Here is my docker-compose.yaml. The two services work fine but ldap backup doesn't work.
No matter what cron expression I used, the backup folder is always empty.

version: '2'

services:
  openldap:
    image: osixia/openldap-backup:1.2.2
    command: --loglevel debug
    ports:
      - "389:389"
      - "636:636"
    volumes:
      - '/srv/ldap/database:/var/lib/ldap'
      - '/srv/ldap/config:/etc/ldap/slapd.d'
      - '/srv/ldap/backup:/data/backup'
    environment:
      - LDAP_ORGANISATION="riseye"
      - LDAP_DOMAIN=riseye.com
      - LDAP_ADMIN_PASSWORD=Initial0
      - LDAP_BACKUP_CONFIG_CRON_EXP="0 0/5 0 ? * * *"
      - LDAP_BACKUP_DATA_CRON_EXP="0 0/5 0 ? * * *"
    networks:
      - test

  phpldapadmin:
    image: osixia/phpldapadmin:0.7.2
    ports:
      - "6443:443"
    environment:
      - PHPLDAPADMIN_LDAP_HOSTS=openldap
    networks:
      - test

networks:
  test:
    external: true

Secure LDAP Replication

I am trying to set up secure replication between two hosts. To start with, I just changed the 'ldap' protocol to 'ldaps' in the replication hosts list; it broke the replication.
Is there any other setup? If someone can point me to docs or a previously resolved issue, I would very much appreciate it.

Error restoring config

Hi,
I'm having trouble restoring config: every entry add by slapd-restore-config fails with "slapadd: could not add entry...".

After reading documentation and doing some tries I found that /sbin/slapd-restore probably should empty /etc/ldap/slapd.d directory and chown to openldap before executing slapadd.

Am I wrong?

Thank you,
Luca

only the two root nodes of the ldap database get dumped

My main problem: I want to back up the LDAP database, so I tried to use the LDAP backup docker image, but not the whole data gets backed up. As far as I understand, only the two root nodes of the LDAP database get dumped, and here is my docker-compose.yml:

services:
  db:
    image: mysql:latest
    volumes:
      - "./.data/db:/var/lib/mysql"
      - "./conf/mysql:/etc/mysql/conf.d"
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: ldap
      MYSQL_DATABASE: ldap
      MYSQL_USER: dingfu
      MYSQL_PASSWORD: ldap

  ldap-client:
    image: osixia/phpldapadmin:latest
    hostname: dingfudata
    domainname: ldap.dingfudata.com
    depends_on:
      - db
      - ldap
    links:
      - db
      - ldap:ldap.dingfudata.com
    ports:
      - 6443:443
    restart: always
    environment:
      LDAP_DB_HOST: db:3306
      LDAP_DB_PASSWORD: ldap
      LDAP_DB_USER: dingfu
      LDAP_DB_NAME: ldap
      PHPLDAPADMIN_LDAP_HOSTS: ldap.dingfudata.com
      PHPLDAPADMIN_LDAP_CLIENT_TLS: "false"

  ldap:
    depends_on:
      - db
    image: osixia/openldap:latest
    hostname: dingfudata
    domainname: ldap.dingfudata.com
    ports:
      - "389:389"
    volumes:
      - "./.data/var/lib/ldap:/var/lib/ldap"
      - "./.data/etc/ldap/slapd.d:/etc/ldap/slapd.d"
    links:
      - db
    restart: always
    environment:
      LDAP_DB_HOST: db:3306
      LDAP_DB_PASSWORD: ldap
      LDAP_DB_USER: dingfu
      LDAP_DB_NAME: ldap
      LDAP_ORGANISATION: DingFu
      LDAP_DOMAIN: ldap.dingfudata.com
      LDAP_ADMIN_PASSWORD: *****
      LDAP_TLS: "false"

  ldapbackup:
    depends_on:
      - db
      - ldap
    image: osixia/openldap-backup:latest
    hostname: dingfudata
    domainname: ldap.dingfudata.com
    volumes:
      - "./.data/openldap/backup:/data/backup"
      - "./.data/etc/ldap/slapd.d:/etc/ldap/slapd.d"
    links:
      - db
      - ldap:ldap.dingfudata.com
    restart: always
    environment:
      LDAP_DB_HOST: db:3306
      LDAP_DB_PASSWORD: ldap
      LDAP_DB_USER: dingfu
      LDAP_DB_NAME: ldap
      LDAP_ORGANISATION: DingFu
      LDAP_DOMAIN: ldap.dingfudata.com
      LDAP_ADMIN_PASSWORD: ****
      LDAP_BACKUP_CONFIG_CRON_EXP: "0 5 * * *"
      LDAP_BACKUP_DATA_CRON_EXP: "0 5 * * *"

Can't make backup work

Hi,

Thanks a lot for all the Dockerfiles you provided. I've got some troubles using this image. I tried the following launch:
docker run --name ldap-service --hostname ldap-service --env LDAP_BACKUP_DATA_CRON_EXP=“* * * * * *” --env LDAP_BACKUP_CONFIG_CRON_EXP=“* * * * * *” osixia/openldap-backup
in order to make the backup every minute.

When entering into it; (docker exec -it ldap-service /bin/bash), I'm waiting for the backup to appear in /data/backup, but nothing happens. Could you help me? Maybe I'm wrong somewhere.

Thanks;

Data backup file is empty

Image version 1.2.5
Default CRON settings (no explicit env. vars set)
Data backup file has file size 0.

When using this image and importing ENV for TTL and CRON it puts an "=" at the end, thus setting the ENV improperly

When setting the following in an ENV file and using compose like so:

openldap:
    image: osixia/openldap-backup:1.5.0
    hostname: ldap1.example.com
    volumes:
      - /path/to/ldap_db:/var/lib/ldap
      - /path/to/ldap_config:/etc/ldap/slapd.d
      - /path/to/data/backup:/data/backup
    environment:
      - LDAP_ORGANISATION=example-com
      - LDAP_DOMAIN=example.com
      - LDAP_ADMIN_PASSWORD=verysecretadminpassword
      - LDAP_CONFIG_PASSWORD=verysecretconfigpassword
      - LDAP_RFC2307BIS_SCHEMA=true
      - LDAP_REMOVE_CONFIG_AFTER_SETUP=true
      - LDAP_TLS_VERIFY_CLIENT=never
      - LDAP_BACKEND=mdb
      #- LDAP_REPLICATION=true
    env_file:
      - .env
    ports:
      - "389:389"
      - "636:636"
    networks:
      - openldap

And using this in the .env file

# Backup config and data every day at 4:00am
LDAP_BACKUP_CONFIG_CRON_EXP: 0 4 * * *
LDAP_BACKUP_DATA_CRON_EXP: 0 4 * * *

# Delete backups that are over 15 days
LDAP_BACKUP_TTL: 15

# Upload backups to S3
UPLOAD_TO_S3: false
S3_PATH: bucket/key-folder

It sets up a file called /container/run/environment.sh

After looking at the file because the backup jobs don't run I see this
export LDAP_BACKUP_TTL=15=
export LDAP_BACKUP_DATA_CRON_EXP='0 4 * * *='
...
export S3_PATH=bucket/key-folder=
export LDAP_BACKUP_CONFIG_CRON_EXP='0 4 * * *='

I had to update apt and install nano/vi whatever and edit environment.sh and run again. It seems like the parsing throws in an "=" at the end of those variables... but just those ones, the other ones are fine. So if I had S3 backups, for example, the folder wouldn't be reachable because of the "=" being parsed.
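
A preflight check for the symptom reported in the issue above, as an added example that is not part of the original report or the project's own code: it lists env-file lines written as `KEY: value` rather than `KEY=value`, and exports in an environment.sh-style file whose value ends in `=`. The function names and the sample files are constructed for illustration, and that the env file is expected in `KEY=value` form is an assumption.

```shell
#!/bin/sh
# Added example. Sample files are constructed from the lines quoted in the issue.

# Write the constructed sample files into directory $1.
make_samples() {
    cat > "$1/.env" <<'EOF'
# Backup config and data every day at 4:00am
LDAP_BACKUP_CONFIG_CRON_EXP: 0 4 * * *
LDAP_BACKUP_DATA_CRON_EXP: 0 4 * * *
LDAP_BACKUP_TTL: 15
UPLOAD_TO_S3: false
S3_PATH: bucket/key-folder
EOF
    cat > "$1/environment.sh" <<'EOF'
export LDAP_DOMAIN=example.com
export LDAP_BACKUP_TTL=15=
export LDAP_BACKUP_DATA_CRON_EXP='0 4 * * *='
export S3_PATH=bucket/key-folder=
export LDAP_BACKUP_CONFIG_CRON_EXP='0 4 * * *='
EOF
}

# Print the key of every env-file line written as "KEY: value".
# Assumption: the file is expected in KEY=value form; comments and blanks are skipped.
lint_env_file() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[A-Za-z_][A-Za-z0-9_]*=/ { next }
        /^[A-Za-z_][A-Za-z0-9_]*[ \t]*:/ {
            split($0, kv, ":"); gsub(/[ \t]/, "", kv[1]); print kv[1]
        }
    ' "$1"
}

# Print the name of every export whose value ends in "=" (bare or quoted).
# Heuristic: a value that legitimately ends in "=" (base64 padding) is flagged too.
find_trailing_equals() {
    sed -n "s/^export \([A-Za-z_][A-Za-z0-9_]*\)=.*=['\"]\{0,1\}\$/\1/p" "$1"
}

# Demo run on the constructed samples.
tmp=$(mktemp -d)
make_samples "$tmp"
echo "env-file lines not in KEY=value form:"
lint_env_file "$tmp/.env"
echo "exports with a trailing '=':"
find_trailing_equals "$tmp/environment.sh"
rm -rf "$tmp"
```

Run against the real files, the second function can be pointed at /container/run/environment.sh inside the container before trusting that the cron-driven backup and its TTL cleanup are configured as intended.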

outdated documentation?

Looks like the README is not pointing to the latest available tag (1.1.9 instead of 1.1.10). Is there a reason for that?
