[fix] Review LDAP backup and restore hooks

The configuration is now saved using slapcat instead of trying to generate
it from slapd.conf - which generally fail at restoration.
Also, a backup of configuration and database is made before the restoration,
which allows to return to a "working" state if it fails.

data/hooks/backup/05-conf_ldap

@@ -1,15 +1,16 @@
-backup_dir="$1/conf/ldap"
+#!/bin/bash
-sudo mkdir -p $backup_dir
+
+backup_dir="${1}/conf/ldap"
+sudo mkdir -p "$backup_dir"
 
 # Fix for first jessie yunohost where slapd.conf is called slapd-yuno.conf
 # without slapcat doesn't work
-if [ ! -f /etc/ldap/slapd.conf ]
+[[ ! -f /etc/ldap/slapd.conf ]] \
-then
+  && sudo mv /etc/ldap/slapd-yuno.conf /etc/ldap/slapd.conf
-    sudo mv /etc/ldap/slapd-yuno.conf /etc/ldap/slapd.conf
-fi
 
-sudo cp -a /etc/ldap/slapd.conf $backup_dir/
+# Back up the configuration
+sudo cp -a /etc/ldap/slapd.conf "${backup_dir}/slapd.conf"
+sudo slapcat -b cn=config -l "${backup_dir}/cn=config.master.ldif"
 
-sudo slapcat -l $backup_dir/slapcat.ldif.raw
+# Back up the database
-sudo bash -c "egrep -v '^entryCSN:' < $backup_dir/slapcat.ldif.raw > $backup_dir/slapcat.ldif"
+sudo slapcat -b dc=yunohost,dc=org -l "${backup_dir}/dc=yunohost-dc=org.ldif"
-sudo rm -f $backup_dir/slapcat.ldif.raw

data/hooks/restore/05-conf_ldap

@@ -1,36 +1,59 @@
-backup_dir="$1/conf/ldap"
+#!/bin/bash
 
-if [ -z "$2" ]; then
+backup_dir="${1}/conf/ldap"
+
+if [[ $EUID -ne 0 ]]; then
 
     # We need to execute this script as root, since the ldap
     # service will be shut down during the operation (and sudo
     # won't be available)
-    sudo bash $(pwd)/$0 $1 sudoed
+    sudo /bin/bash $(readlink -f $0) $1
 
 else
-    service slapd stop
+    service slapd stop || true
 
-    # Backup old configuration
+    # Create a directory for backup
-    mv /var/lib/ldap /var/lib/ldap.old
+    TMPDIR="/tmp/$(date +%s)"
+    mkdir -p "$TMPDIR"
 
-    # Recreate new DB folder
+    die() {
-    mkdir /var/lib/ldap
+        state=$1
-    chown openldap: /var/lib/ldap
+        error=$2
-    chmod go-rwx  /var/lib/ldap
 
-    # Restore LDAP configuration (just to be sure)
+        # Restore saved configuration and database
-    cp -a $backup_dir/slapd.conf /etc/ldap/slapd.conf
+        [[ $state -ge 1 ]] \
+          && (rm -rf /etc/ldap/slapd.d &&
+              mv "${TMPDIR}/slapd.d" /etc/ldap/slapd.d)
+        [[ $state -ge 2 ]] \
+          && (rm -rf /var/lib/ldap &&
+              mv "${TMPDIR}/ldap" /var/lib/ldap)
+        chown -R openldap: /etc/ldap/slapd.d /var/lib/ldap
 
-    # Regenerate the configuration
-    rm -rf /etc/ldap/slapd.d/*
-    slaptest -u -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d
-    cp -rfp /var/lib/ldap.old/DB_CONFIG /var/lib/ldap
-
-    # Import the database
-    slapadd -l $backup_dir/slapcat.ldif
-
-    # Change permissions and restart slapd
-    chown openldap: /var/lib/ldap/*
         service slapd start
-    rm -rf /var/lib/ldap.old
+        rm -rf "$TMPDIR"
+
+        # Print an error message and exit
+        printf "%s" "$error" 1>&2
+        exit 1
+    }
+
+    # Restore the configuration
+    mv /etc/ldap/slapd.d "$TMPDIR"
+    mkdir -p /etc/ldap/slapd.d
+    cp -a "${backup_dir}/slapd.conf" /etc/ldap/slapd.conf
+    slapadd -F /etc/ldap/slapd.d -b cn=config \
+        -l "${backup_dir}/cn=config.master.ldif" \
+      || die 1 "Unable to restore LDAP configuration"
+    chown -R openldap: /etc/ldap/slapd.d
+
+    # Restore the database
+    mv /var/lib/ldap "$TMPDIR"
+    mkdir -p /var/lib/ldap
+    slapadd -F /etc/ldap/slapd.d -b dc=yunohost,dc=org \
+        -l "${backup_dir}/dc=yunohost-dc=org.ldif" \
+      || die 2 "Unable to restore LDAP database"
+    chown -R openldap: /var/lib/ldap
+
+    service slapd start
+    rm -rf "$TMPDIR"
 fi