Links to the other parts: the first, the third, the fourth, the fifth.
I continue the story.
Let me remind you that in the first part we installed OpenLDAP on two servers and set up replication between them.
2. Set up a backup; fortunately, it is not difficult.
I use the Bacula system for backups. Installation and configuration of the "server" side, the Director and Storage daemons, is outside the scope of this article; here I focus on the client configuration.
Install the Bacula client (file daemon) package: bacula-fd
Edit /etc/bacula/bacula-fd.conf:
cat > /etc/bacula/bacula-fd.conf << "EOF"
Director {
Name = backup.habr.ru-dir
Password = "<password, the same one as in the Director's Client resource for this host>"
}
FileDaemon {
Name = ldap01.habr.ru-fd
FDport = 9102 # where we listen for the director
WorkingDirectory = /var/lib/bacula
Pid Directory = /var/run/bacula
Maximum Concurrent Jobs = 20
# to listen on one interface only, uncomment:
# FDAddress = 192.168.100.1
}
Messages {
Name = Standard
# the name must match the Director resource above, otherwise job messages never reach it
director = backup.habr.ru-dir = all, !skipped, !restored
}
EOF
Create the necessary directories (the dump will contain the userPassword hashes of every account, so /var/backups/openldap must stay readable by root only):
mkdir /root/scripts /var/backups/openldap
To produce the dump, we need the following script:
cat > /root/scripts/ldap_backup.sh << "EOF"
#!/bin/sh
# slapcat reads the database files directly and writes the whole directory as LDIF
/usr/sbin/slapcat > /var/backups/openldap/habr.ru.ldif
EOF
There is no need to compress the file; Bacula will do that.
To delete the dump after the backup, we create another script:
cat > /root/scripts/ldap_backup_clean.sh << "EOF"
#!/bin/sh
# remove the dump once Bacula has stored it
rm /var/backups/openldap/habr.ru.ldif
EOF
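The two scripts above do the job, but ldap_backup.sh never checks whether slapcat succeeded, so a failed or half-written dump would be backed up as if it were good. Below is a hardened variant written for this article as an added example (it is not the author's script): it writes the dump to a temporary file under a root-only umask, refuses a failed or empty dump and returns non-zero so that Bacula's ClientRunBeforeJob aborts the job, and bundles the cleanup as a second function. The paths and the slapcat location follow the layout above and are my assumptions; both can be overridden through the environment. The script takes `dump` or `clean` as its argument, so the Director would use `/root/scripts/ldap_backup.sh dump` for ClientRunBeforeJob and `/root/scripts/ldap_backup.sh clean` for ClientRunAfterJob.

```shell
#!/bin/sh
# ldap_backup.sh: dump slapd to LDIF for Bacula, or remove the dump afterwards.
# Added example for this article, not the original script. Assumes the layout
# used above (/var/backups/openldap, /usr/sbin/slapcat); both can be overridden
# via the environment.

BACKUP_DIR="${BACKUP_DIR:-/var/backups/openldap}"
SLAPCAT="${SLAPCAT:-/usr/sbin/slapcat}"
LDIF="$BACKUP_DIR/habr.ru.ldif"

# The dump carries userPassword hashes: make every file we create root-only.
umask 077

# dump_ldap: slapcat into a temp file, then rename it over the previous dump.
# Returns 1 on any failure so that Bacula aborts the job (ClientRunBeforeJob)
# instead of archiving a truncated or empty file.
dump_ldap() {
    mkdir -p "$BACKUP_DIR" && chmod 700 "$BACKUP_DIR" || return 1
    tmp="$LDIF.tmp.$$"
    if ! "$SLAPCAT" > "$tmp"; then
        rm -f "$tmp"
        echo "slapcat failed, aborting backup" >&2
        return 1
    fi
    if ! [ -s "$tmp" ]; then
        rm -f "$tmp"
        echo "slapcat produced an empty dump, aborting backup" >&2
        return 1
    fi
    mv -f "$tmp" "$LDIF"
}

# clean_ldap: ClientRunAfterJob counterpart, delete the dump once it is stored.
clean_ldap() {
    rm -f "$LDIF"
}

# Dispatch on the argument Bacula passes; with no argument, only define the functions.
case "${1:-}" in
    dump)  dump_ldap ;;
    clean) clean_ldap ;;
esac
```

Because the previous dump is only replaced by a rename after slapcat has finished successfully, a failed run leaves the last good dump in place, and the non-zero exit status stops Bacula from archiving anything at all for that job, which is easier to notice than a silently empty backup.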
Restart bacula-fd:
/etc/init.d/bacula-fd restart
On the backup.habr.ru server, add something like the following to the Director configuration, /etc/bacula/director.conf (on a stock Debian install the file is /etc/bacula/bacula-dir.conf):
cat >> /etc/bacula/director.conf << "EOF"
Client {
Name = ldap01.habr.ru-fd
Address = 192.168.100.1
FDPort = 9102
Catalog = MyCatalog
Password = "<the same password as in bacula-fd.conf on ldap01>"
File Retention = 30 days
Job Retention = 6 months
AutoPrune = yes
}
FileSet {
Name = "ldap"
Include {
Options {
# checksum used by verify jobs to detect changed files, not a security control; SHA1 is also available
signature = MD5
}
File = /var/backups/openldap/
}
}
Job {
Name = "ldap01.habr.ru-system"
Client = ldap01.habr.ru-fd
JobDefs = "DefaultJob"
FileSet = "ldap"
Write Bootstrap = "/var/lib/bacula/ldap01.habr.ru-log.bsr"
# runs on the client before the files are read; a non-zero exit status cancels the job
ClientRunBeforeJob = "/root/scripts/ldap_backup.sh"
ClientRunAfterJob = "/root/scripts/ldap_backup_clean.sh"
}
EOF
Reload the bacula-dir configuration:
/etc/init.d/bacula-dir reload
You can check that it works through bconsole: run the job and look at its status and messages.
3. Install a convenient web administration panel: phpldapadmin.
The phpldapadmin package was already installed in the first part; if you skipped that step, install it via apt:
apt-get install phpldapadmin
It installs its Apache configuration in /etc/apache2/conf.d/phpldapadmin, and after reloading Apache the panel is available at habr.ru/phpldapadmin. I recommend immediately moving it to a separate virtual host such as ldap01.habr.ru, served over SSL only: the login form sends the cn=admin password to the web server, and over plain HTTP it crosses the network in cleartext.
Next we are interested in the phpldapadmin configuration, /etc/phpldapadmin/config.php.
Change the following lines in it:
$ldapservers->SetValue($i,'server','name','Habrahabr');
$ldapservers->SetValue($i,'server','host','ldap01.habr.ru');
$ldapservers->SetValue($i,'server','base',array('dc=habr,dc=ru'));
After that you can log in to our admin panel by entering cn=admin,dc=habr,dc=ru in the Login field and the password in the corresponding field.
Next we need to create an organizationalUnit for users and an organizationalUnit for groups.
I do not create my own schema; I use two standard templates for users: posixAccount for users who need shell access to servers, and simpleSecurityObject for everyone else. To a simpleSecurityObject I usually add a description attribute with the owner's full name and contact details.
It is also logical to keep simpleSecurityObject users in one organizationalUnit and posixAccount users in another.
Groups I create with the groupOfUniqueNames template, adding users as uniqueMember.
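As an added example (not the article's own code; the author walks through this in phpldapadmin in the next part), here is the layout just described expressed as LDIF that can be loaded with ldapadd: one organizationalUnit for each kind of user, one for groups, a posixAccount, a simpleSecurityObject carrying the description attribute, and a groupOfUniqueNames whose uniqueMember points at the user. The OU names (people, services, groups), the sample entries, and the structural classes the auxiliary posixAccount and simpleSecurityObject are attached to (inetOrgPerson and organizationalRole) are my assumptions, and the userPassword values are placeholders to be replaced with slappasswd output.

```shell
#!/bin/sh
# Added example, not from the article: the directory layout described above as
# LDIF. Assumed names: base dc=habr,dc=ru (override with BASE), OUs people,
# services and groups, sample users ivanov and mailrobot, sample group admins.
# posixAccount and simpleSecurityObject are AUXILIARY classes, so each entry
# also needs a STRUCTURAL class; inetOrgPerson and organizationalRole are
# assumed here. userPassword values are placeholders, not real hashes.

BASE="${BASE:-dc=habr,dc=ru}"

# layout_ldif: print LDIF for the three OUs, one user of each kind and one group.
layout_ldif() {
    cat << EOF
dn: ou=people,$BASE
objectClass: organizationalUnit
ou: people

dn: ou=services,$BASE
objectClass: organizationalUnit
ou: services

dn: ou=groups,$BASE
objectClass: organizationalUnit
ou: groups

# shell user: posixAccount MUST have uid, cn, uidNumber, gidNumber, homeDirectory
dn: uid=ivanov,ou=people,$BASE
objectClass: inetOrgPerson
objectClass: posixAccount
uid: ivanov
cn: Ivan Ivanov
sn: Ivanov
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/ivanov
loginShell: /bin/bash
userPassword: {SSHA}REPLACE-WITH-slappasswd-OUTPUT

# non-shell account: simpleSecurityObject MUST have userPassword; description holds the owner's contact
dn: cn=mailrobot,ou=services,$BASE
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: mailrobot
description: Mail gateway service account, owner: Ivan Ivanov, postmaster@habr.ru
userPassword: {SSHA}REPLACE-WITH-slappasswd-OUTPUT

# group: groupOfUniqueNames MUST have at least one uniqueMember, given as a full DN
dn: cn=admins,ou=groups,$BASE
objectClass: groupOfUniqueNames
cn: admins
uniqueMember: uid=ivanov,ou=people,$BASE
EOF
}

# count_entries: number of entries in an LDIF stream on stdin (quick sanity check).
count_entries() {
    grep -c '^dn:'
}

# load_layout: feed the LDIF to slapd over the local ldapi socket on ldap01 itself,
# so that cn=admin's password (prompted for by -W) never crosses the network.
load_layout() {
    layout_ldif | ldapadd -x -H ldapi:/// -D "cn=admin,$BASE" -W
}
```

Run `load_layout` on the LDAP server after replacing the userPassword placeholders; the OUs must be added before the entries under them, which is why they come first in the stream.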
We will see all of this in action in the next part of the article.
That's all for today, thank you for your attention.