Auto config backup for LemonLDAP-NG

A few weeks back @Andy_Wismer helped (did most of the work :slightly_smiling_face:) and pointed me to a post by @danb35 on the OPNsense forums explaining how to set up an automatic backup.

I used a modified version of the script by Andy to automatically prune old backups and move them to a predetermined place, i.e. a NAS. Unfortunately I don't have a NAS yet, but I set up a file server on NethServer and set it as my backup, and everything was working great.

Then I thought: what about LemonLDAP-NG, as it backs its configuration up as a .json file? After some digging I found out you can. Here's how I did it (obviously you would need to change some locations if you're running SSO from a different location than the NethServer).

  1. Create the backups folder in the NethServer file server (or your preferred backup location),
    then the subfolders (this isn't necessary but it helps keep things organised)

mkdir -p /var/lib/nethserver/ibay/backups/LLNG/YourServer

  2. Create the script (this script keeps the last 10 backups)
    nano /location/to/the/scripts/
#!/bin/bash
# Folder created in step 1
destination=/var/lib/nethserver/ibay/backups/LLNG/YourServer
date=$(date +%Y-%m-%d_%H-%M)
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli save >lemonldap-NG-config-YourServer_$date.json
# Stop here if the export failed
error=$?
if [ $error -gt 0 ]; then
   echo "lemonldap-ng-cli returned error number $error"
   exit 1
fi
mv lemonldap-NG-config-YourServer_$date.json $destination
#/usr/bin/find $destination/* -mtime +$daystokeep -exec rm {} \;

# Keep the 10 newest files, delete everything older
cd $destination || exit 1
ls -t | tail -n +11 | xargs -r rm --
  3. Make it executable

chmod +x /location/to/the/scripts/
  4. Get LemonLDAP-NG-cli

mkdir -p /usr/share/lemonldap-ng/bin/

Create the script

nano /usr/share/lemonldap-ng/bin/lemonldap-ng-cli


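#!/usr/bin/perl

use warnings;
use strict;
use POSIX;
use Getopt::Long qw(:config pass_through);

# Defaults for the account the script switches to (changed with --user / --group)
our $opt_user  = '__APACHEUSER__';
our $opt_group = '__APACHEGROUP__';
GetOptions(
    "user=s"  => \$opt_user,
    "group=s" => \$opt_group
) or die("Error in command line arguments\n");

my $action;

# Drop privileges; errors are ignored when the account cannot be resolved
eval {
    no warnings;
    POSIX::setgid( scalar( getgrnam($opt_group) ) );
    POSIX::setuid( scalar( getpwnam($opt_user) ) );
};

# The action is the first argument that is neither an option nor its value
for ( my $i = 0 ; $i < @ARGV ; $i++ ) {
    if ( $ARGV[$i] =~ /^-/ ) {
        $i++;
        next;
    }
    $action = $ARGV[$i];
    last;
}

$action ||= "help";

# Actions that change or export the configuration need the Manager libraries
if ( $action =~
    /^(?:get|set|del|addKey|delKey|addPostVars|delPostVars|save|restore|rollback)$/
  )
{
    eval { require Lemonldap::NG::Manager::Cli; };
    die "Manager libraries not available, aborting ($@)" if ($@);
    Lemonldap::NG::Manager::Cli->run(@ARGV);
}
elsif ( $action =~ /^(?:info|update-cache|test-email)$/ ) {
    eval { require Lemonldap::NG::Common::Cli; };
    die "Lemonldap::NG common libraries not available, aborting ($@)" if ($@);
    Lemonldap::NG::Common::Cli->run(@ARGV);
}
else {
    help();
}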
sub help {
    print STDERR qq{Usage: $0 <options> action <parameters>

Available actions:
 - help                                      : print this
 - info                                      : get currentconfiguration info
 - update-cache                              : force configuration cache to be updated
 - test-email <destination>                  : send a test email
 - get <key>                                 : get values of parameters
 - set <key> <value>                         : set parameter(s) value(s)
 - del <key>                                 : delete parameters
 - addKey <key> <subkey> <value>             : add or set a subkey in a parameter
 - delKey <key> <subkey>                     : delete subkey of a parameter
 - addPostVars <host> <uri> <key> <value>    : add post vars for form replay
 - delPostVars <host> <uri> <key>            : delete post vars for form replay
 - save                                      : export configuration to STDOUT
 - restore -                                 : import configuration from STDIN
 - restore <file>                            : import configuration from file
 - rollback                                  : restore previous configuration

 - yes <0|1>                     : accept confirmation prompt automatically
 - log <msg>                     : set configuration log message
 - safe <0|1>                    : fail in case the requested configuration is invalid
 - force <0|1>                   : allow overwrite of existing config number
 - cfgNum <num>                  : set new configuration number (requires -force 1)
 - sep <char>                    : separator of hierarchical values (by default: /)
 - iniFile <file>                : path to an alternate lemonldap-ng.ini file

Additional options:
 - --user=<user>    : change user running the script
 - --group=<group>  : change group running the script

See Lemonldap::NG::Manager::Cli(3) for more
};
}
__END__

=head1 NAME

=encoding utf8

lemonldap-ng-cli - Command-line manager for Lemonldap::NG web-SSO system.

=head1 SYNOPSIS

Get information about current configuration

  $ lemonldap-ng-cli info

Update local configuration cache

  $ lemonldap-ng-cli update-cache

Send a test email

  $ lemonldap-ng-cli test-email

Save configuration

  $ lemonldap-ng-cli save >conf.json
  $ lemonldap-ng-cli -cfgNum 19 save >conf-19.json

Restore configuration

  $ lemonldap-ng-cli restore conf.json
  # OR
  $ lemonldap-ng-cli restore - <conf.json

Cancel the last configuration change

  $ lemonldap-ng-cli rollback

Get a configuration parameter value

  $ lemonldap-ng-cli get portal domain cookieName

Set some values

  $ lemonldap-ng-cli set portal domain
  # add or set a key
  $ lemonldap-ng-cli addKey macro fullname '$givenName." ".$lastName'

  # without changing the version number
  $ lemonldap-ng-cli -force 1 -cfgNum 1 set portal domain

  # without asking for confirmation
  $ lemonldap-ng-cli -yes 1 set portal domain

=head1 DESCRIPTION

lemonldap-ng-cli is a command line interface to interact with Lemonldap::NG
configuration. Commands are described in L<Lemonldap::NG::Manager::Cli>
and L<Lemonldap::NG::Common::Cli>

=head2 Available commands

=over

=item info

=item update-cache

=item test-email

=item save

=item restore

=item get

=item set

=item addKey

=item delKey

=back

=head2 Available options

=over

=item -yes

Confirm modification automatically (default: 0)

=item -log

Allows you to set the log message that will be displayed in the manager

=item -safe

The configuration change will be aborted if it contains errors (default: 0)

=item -force

Allows you to force overwriting an existing configuration (default: 0)

=item -cfgNum

Choose a particular configuration number (default: latest)

=item -sep

Allows you to define hierarchical separator

=item -iniFile

Allows you to set an alternative ini file

=back

=head1 SEE ALSO

L<Lemonldap::NG::Manager::Cli>, L<Lemonldap::NG::Common::Cli>

=head1 AUTHORS

=over

=item Clement Oudot, E<lt>clement@oodo.netE<gt>

=item Xavier Guimard, E<lt>yadd@debian.orgE<gt>

=item Maxime Besson, E<lt>maxime.besson@worteks.comE<gt>

=item Christophe Maudoux, E<lt>chrmdx@gmail.comE<gt>

=back

Use OW2 system to report bug or ask for features:

Lemonldap::NG is available at

=over

=item Copyright (C) 2016 by Xavier Guimard, E<lt>x.guimard@free.frE<gt>

=item Copyright (C) 2016 by Clément Oudot, E<lt>clem.oudot@gmail.comE<gt>

=back

This library is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see L<>.

=cut

Make it executable

chmod +x /usr/share/lemonldap-ng/bin/lemonldap-ng-cli
  5. Create the cronjob in crontab manager
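
A hardened variant of the backup script from step 2, as an added example that is not part of the original post: a LemonLDAP-NG configuration export can hold credentials and keys, so it is written with owner-only permissions, a failed or empty export is discarded instead of being stored, and pruning only touches files carrying the backup name. The `--run` switch, the `LLNG_CLI` and `DEST` overrides and the function names are assumptions made for this example.

```shell
#!/bin/bash
# Added example: hardened variant of the backup script. Paths follow the post;
# LLNG_CLI and DEST can be overridden through the environment (assumption).
LLNG_CLI=${LLNG_CLI:-/usr/share/lemonldap-ng/bin/lemonldap-ng-cli}
DEST=${DEST:-/var/lib/nethserver/ibay/backups/LLNG/YourServer}
PREFIX=lemonldap-NG-config-YourServer_
KEEP=10

# Export the configuration into directory $1 and print the new file's path.
save_config() {
    local dir="$1" tmp final
    umask 077    # the export may contain secrets: readable by the owner only
    tmp=$(mktemp "$dir/.llng-XXXXXX") || return 1
    final="$dir/$PREFIX$(date +%Y-%m-%d_%H-%M).json"
    # Discard the export when the CLI fails or writes nothing.
    if ! "$LLNG_CLI" save >"$tmp" || ! [ -s "$tmp" ]; then
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$final" && printf '%s\n' "$final"
}

# Delete all but the $2 newest backups in $1, leaving unrelated files alone.
prune_backups() {
    local dir="$1" keep="$2"
    ( cd "$dir" || exit 1
      ls -t -- "$PREFIX"*.json 2>/dev/null | tail -n +"$((keep + 1))" |
          while IFS= read -r f; do rm -f -- "$f"; done )
}

# Cron entry point: the backup only runs when the script is called with --run.
if [ "${1:-}" = "--run" ]; then
    save_config "$DEST" >/dev/null || {
        echo "LemonLDAP-NG export failed, old backups left untouched" >&2
        exit 1
    }
    prune_backups "$DEST" "$KEEP"
fi
```

Because pruning runs only after a successful export, a broken CLI or a full disk cannot rotate the last good backups away.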