I recently needed to back up our OD server so that, in case of a disaster, we could recover the accounts used to access our separate web server. I found in Apple’s Open Directory Administration Manual the steps you need to take to back up the OD files and databases. Below is my backup shell script.
#!/bin/sh
# From Apple OD Administration Manual
# To back up an Open Directory master, you need to back up
# its shared LDAP directory domain, its configuration files,
# and its Open Directory Password Server database.
# Check for root privs
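if [ "$(whoami)" != "root" ]; then
    echo "You need to be root to do this."
    exit 1
fi
# Set some variables
# (tool paths assumed to be the standard Mac OS X Server locations; adjust if yours differ)
SLAPCAT=/usr/sbin/slapcat
CP=/bin/cp
MKPASSDB=/usr/sbin/mkpassdb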
# Save the complete contents of the LDAP directory
# as a raw LDIF dump in a text file named backup.ldif
# The file contains all user records, group records,
# computer records and so on. It does NOT contain passwords.
$SLAPCAT -l /Path/to/backups/backup.ldif
# Make a copy of the /etc/openldap folder. This folder
# contains files that determine the setup of the LDAP directory
# domain, including schema files.
$CP -rp /etc/openldap/ /Path/to/backups/
# If your LDAP server uses SSL, make a copy of the server
# certificate file, LDAP server’s private key file, and the CA
# certificate file.
#$CP file_location file_destination
# Make a copy of the OD Password backup folder, located at
# CAREFULLY SAFEGUARD THE OD PASSWORD SERVER BACKUP FOLDER!
# IT CONTAINS PASSWORDS OF ALL USERS WHO HAVE AN OD PASSWORD IN
# BOTH THE SHARED LDAP DIRECTORY DOMAIN AND THE LOCAL NETINFO
# DIRECTORY DOMAIN. Keep the backup media as secure as the
# OD master server.
$MKPASSDB -backupdb /Path/to/backups/mkpassdb/
# Optionally, make a copy of the /Library/Preferences/DirectoryService folder.
# Files in this folder specify the server's search policies and specify
# how the server accesses other directory domains.
# Optionally make a copy of /etc/hostconfig file
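
Because the backup tree holds the Password Server database, one way to make it private to its owner and then confirm that nothing in it is still reachable by group or other users is sketched here. This is an added example, not part of the original script; the function names `lock_down_backup` and `audit_backup`, the default owner `root` and the file name `secure_backup.sh` are assumptions.

```shell
#!/bin/sh
# Added example (not from the original script): make a backup tree private to
# its owner, then audit it. Function names and the default owner are assumptions.

# Strip every group/other permission bit below the backup directory.
lock_down_backup() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    chmod -R go-rwx "$dir"
}

# List entries that group/other can still read, write or traverse, or that are
# not owned by the expected account (default: root).
# Returns 0 if the tree is clean, 1 if anything was listed, 2 on bad input.
audit_backup() {
    dir=$1
    owner=${2:-root}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # One -perm test per bit: "-perm -NNN" is POSIX, while the "any of these
    # bits" forms (/077, +077) differ between GNU and BSD find.
    # Symlinks are skipped because their own mode bits are not meaningful.
    findings=$(find "$dir" ! -type l \( ! -user "$owner" \
        -o -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Usage: sh secure_backup.sh /Path/to/backups [owner]
if [ $# -gt 0 ]; then
    lock_down_backup "$1" && audit_backup "$1" "${2:-root}"
fi
```

Putting `umask 077` near the top of the backup script also makes the files private from the moment they are created, so the audit should come back clean on the first run.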