From owner-dev-commits-ports-all@freebsd.org Mon Aug 2 08:05:14 2021 Return-Path: Delivered-To: dev-commits-ports-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E30EF670335; Mon, 2 Aug 2021 08:05:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4GdVt264Rfz3H0G; Mon, 2 Aug 2021 08:05:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id AE5901C383; Mon, 2 Aug 2021 08:05:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 17285E32008939; Mon, 2 Aug 2021 08:05:14 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 17285EVQ008938; Mon, 2 Aug 2021 08:05:14 GMT (envelope-from git) Date: Mon, 2 Aug 2021 08:05:14 GMT Message-Id: <202108020805.17285EVQ008938@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Xin LI Subject: git: ea9ee3986cfc - main - net/openldap24-server: Upon shutdown, backup database in LDIF form. MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: delphij X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: ea9ee3986cfc009c8e463a5c0f2db796371c3cb4 Auto-Submitted: auto-generated X-BeenThere: dev-commits-ports-all@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commit messages for all branches of the ports repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Aug 2021 08:05:14 -0000 The branch main has been updated by delphij: URL: https://cgit.FreeBSD.org/ports/commit/?id=ea9ee3986cfc009c8e463a5c0f2db796371c3cb4 commit ea9ee3986cfc009c8e463a5c0f2db796371c3cb4 Author: Xin LI AuthorDate: 2021-08-02 07:59:27 +0000 Commit: Xin LI CommitDate: 2021-08-02 07:59:54 +0000 net/openldap24-server: Upon shutdown, backup database in LDIF form. The upcoming OpenLDAP 2.5 update requires a format change to mdb databases. It is mandatory for existing slapd-mdb(5) databases to be exported via an OpenLDAP 2.4 slapcat prior to upgrade, then reloaded via an OpenLDAP 2.5 slapadd after upgrade. To make sure that the user always have a backup somewhere, introduce a backup mechanism (enabled by default, and may be disabled by setting rc.conf variable slapd_autobackup_enable to "NO") in the slapd rc.d script upon shutdown. By default, the backups will be stored at /var/backups/openldap and a total of 8 backups will be kept, with the oldest backup overwritten as needed. Backups are compressed using zstd, or, when zstd is not available, using gzip. The compression can be disabled by setting slapd_autobackup_compress to "NO", if desirable (e.g. if /var/backups is located on a file system that is capable of doing compression, like ZFS). --- net/openldap24-server/Makefile | 4 +- net/openldap24-server/files/slapd.in | 71 ++++++++++++++++++++++++++++++++++++ 2 files changed, 74 insertions(+), 1 deletion(-) diff --git a/net/openldap24-server/Makefile b/net/openldap24-server/Makefile index 6146a8c82b34..afbf8a4a3d2d 100644 --- a/net/openldap24-server/Makefile +++ b/net/openldap24-server/Makefile @@ -46,7 +46,7 @@ BROKEN= incompatible OpenLDAP version: ${WANT_OPENLDAP_VER} .endif PORTREVISION_CLIENT= 1 -PORTREVISION_SERVER= 2 +PORTREVISION_SERVER= 3 OPENLDAP_SHLIB_MAJOR= 2 OPENLDAP_SHLIB_MINOR= 11.7 OPENLDAP_MAJOR= ${DISTVERSION:R} @@ -394,10 +394,12 @@ SCHEMATA= collective corba core cosine duaconf dyngroup \ LDAP_RUN_DIR?= /var/run/openldap LOCALSTATEDIR?= /var/db DATABASEDIR?= ${LOCALSTATEDIR}/openldap-data +BACKUPDIR?= /var/backups/openldap SUB_LIST+= LDAP_RUN_DIR=${LDAP_RUN_DIR} \ LDAP_USER=${LDAP_USER} \ LDAP_GROUP=${LDAP_GROUP} \ + BACKUPDIR=${BACKUPDIR} \ DATABASEDIR=${DATABASEDIR} \ PORTNAME=${PORTNAME} \ PKGNAME=${PKGNAME} \ diff --git a/net/openldap24-server/files/slapd.in b/net/openldap24-server/files/slapd.in index 9c9cb7779ca6..620c2f4d255c 100644 --- a/net/openldap24-server/files/slapd.in +++ b/net/openldap24-server/files/slapd.in @@ -30,6 +30,18 @@ # #slapd_krb5_ktname="/path/to/ldap.keytab" # +#slapd_autobackup_enable="YES" +# To enable automatic backup of OpenLDAP data after successful shutdown +# in the form of LDIF. +# +#slapd_autobackup_num="8" +# How many automatic backups should this script keep. +# +#slapd_autobackup_compress="YES" +# Compress backup data with zstd (if present) or gzip. +# +#slapd_autobackup_name="backup" +# Name to be used for backups . /etc/rc.subr @@ -47,6 +59,10 @@ fi : ${slapd_owner="%%LDAP_USER%%:%%LDAP_GROUP%%"} : ${slapd_sockets_mode="666"} : ${slapd_cn_config="NO"} +: ${slapd_autobackup_enable="YES"} +: ${slapd_autobackup_num="8"} +: ${slapd_autobackup_compress="YES"} +: ${slapd_autobackup_name="backup"} command="%%PREFIX%%/libexec/slapd" pidfile="%%LDAP_RUN_DIR%%/slapd.pid" @@ -63,6 +79,7 @@ fi start_precmd=start_precmd start_postcmd=start_postcmd +stop_postcmd=stop_postcmd # extract user and group, adjust ownership of directories and database @@ -143,4 +160,58 @@ start_postcmd() done } +stop_postcmd() +{ + local compress_program compress_suffix + + if checkyesno slapd_autobackup_enable; then + if checkyesno slapd_autobackup_compress; then + if [ -x /usr/bin/zstd ]; then + compress_program="/usr/bin/zstd" + compress_suffix=".zstd" + else + compress_program="/usr/bin/gzip" + compress_suffix=".gz" + fi + else + compress_program="cat" + compress_suffix="" + fi + + umask 077 + mkdir -p %%BACKUPDIR%% + chmod 700 %%BACKUPDIR%% + + n=0 + while [ ${n} -lt ${slapd_autobackup_num} ]; do + backup_file="%%BACKUPDIR%%/${slapd_autobackup_name}.ldif.${n}${compress_suffix}" + if [ ! -e "${backup_file}" -o -f "${backup_file}" ]; then + break + fi + n=$(( ${n} + 1 )) + done + if [ -f "${backup_file}" ]; then + n=$(( ${n} + 1 )) + while [ ${n} -lt ${slapd_autobackup_num} ]; do + next_backup_file="%%BACKUPDIR%%/${slapd_autobackup_name}.ldif.${n}${compress_suffix}" + if [ -f "${next_backup_file}" ]; then + [ "${next_backup_file}" -ot "${backup_file}" ] && \ + backup_file=${next_backup_file} + elif [ ! -e "${next_backup_file}" ]; then + backup_file=${next_backup_file} + break + fi + n=$(( ${n} + 1 )) + done + fi + if [ -e "${backup_file}" -a ! -f "${backup_file}" ]; then + err 1 "Unable to backup OpenLDAP data" + else + info "Backing up OpenLDAP data to ${backup_file}" + fi + + %%PREFIX%%/sbin/slapcat | ${compress_program} > ${backup_file} + fi +} + run_rc_command "$1"