A Few weeks back @Andy_Wismer helped (did most of the work 
) and pointed me to a post by @danb35 on the OPNsense forums explaining how to setup an automatic backup.
Using a modified version of the script by Andy to automatically prune old backups and move them to a predetermined place ie nas unfortunately i don’t have a nas yet but setup file server on nethserver and set it as my backup everything was working great.
Then I thought what about LemonLDAP-NG as it back’s it’s configuration up as a .json file after some digging found out you can here’s how i did it (obviously you would need to change some locations if your running sso from a different location then the nethserver)
- Create the backups folder in nethserver file server (or your prefered backup location)
then the subfolders (this isn’t necessary but it helps keep things organised)
mkdir -P /var/lib/nethserver/ibay/backups/LLNG/YourServer
- create the script (this script keeps the last 10 backups
nano /location/to/the/scripts/lemonldap-NG-config-YourServer.sh
#!/usr/bin/bash
daystokeep=10
destination="/var/lib/nethserver/ibay/backups/LLNG/YourServer"
date=$(date +%Y-%m-%d_%H-%M)
/usr/share/lemonldap-ng/bin/lemonldap-ng-cli save >lemonldap-NG-config-YourServer_$date.json
mv lemonldap-NG-config-YourServer_$date.json $destination
if [[ $result != *"200"* ]]; then
echo "Result of the HTTP request is $result"
exit 1
fi
error=$?
if [ $error -gt 0 ]; then
echo "Curl returned error number $error"
exit 1
fi
#/usr/bin/find $destination/* -mtime +$daystokeep -exec rm {} \;
cd $destination
ls -t | tail -n +11 | xargs
- make it executable
chmod +x /location/to/the/scripts/lemonldap-NG-config-YourServer.sh
4. get LemonLDAP-NG-cli
mkdir -p /usr/share/lemonldap-ng/bin/
create the script
nano /usr/share/lemonldap-ng/bin/lemonldap-ng-cli
#!/usr/bin/perl
use warnings;
use strict;
use POSIX;
use Getopt::Long qw(:config pass_through);
our $opt_user = '__APACHEUSER__';
our $opt_group = '__APACHEGROUP__';
GetOptions(
"user=s" => \$opt_user,
"group=s" => \$opt_group
) or die("Error in command line arguments\n");
my $action;
eval {
POSIX::setgid( scalar( getgrnam($opt_group) ) );
POSIX::setuid( scalar( getpwnam($opt_user) ) );
};
for ( my $i = 0 ; $i < @ARGV ; $i++ ) {
if ( $ARGV[$i] =~ /^-/ ) {
$i++;
next;
}
$action = $ARGV[$i];
last;
}
$action ||= "help";
if ( $action =~
/^(?:[gs]et|del|(?:add|del)Key|(?:add|del)PostVars|save|restore|rollback)$/
)
{
eval { require Lemonldap::NG::Manager::Cli; };
die "Manager libraries not available, aborting ($@)" if ($@);
Lemonldap::NG::Manager::Cli->run(@ARGV);
}
elsif ( $action =~ /^(?:info|update-cache|test-email)$/ ) {
eval { require Lemonldap::NG::Common::Cli; };
die "Lemonldap::NG common libraries not available, aborting ($@)" if ($@);
Lemonldap::NG::Common::Cli->run(@ARGV);
}
else {
help();
}
sub help {
print STDERR qq{Usage: $0 <options> action <parameters>
Available actions:
- help : print this
- info : get currentconfiguration info
- update-cache : force configuration cache to be updated
- test-email <destination> : send a test email
- get <key> : get values of parameters
- set <key> <value> : set parameter(s) value(s)
- del <key> : delete parameters
- addKey <key> <subkey> <value> : add or set a subkey in a parameter
- delKey <key> <subkey> : delete subkey of a parameter
- addPostVars <host> <uri> <key> <value> : add post vars for form replay
- delPostVars <host> <uri> <key> : delete post vars for form replay
- save : export configuration to STDOUT
- restore - : import configuration from STDIN
- restore <file> : import configuration from file
- rollback : restore previous configuration
Options:
- yes <0|1> : accept confirmation prompt automatically
- log <msg> : set configuration log message
- safe <0|1> : fail in case the requested configuration is invalid
- force <0|1> : allow overwrite of existing config number
- cfgNum <num> : set new configuration number (requires -force 1)
- sep <char> : separator of hierarchical values (by default: /)
- iniFile <file> : path to an alternate lemonldap-ng.ini file
Additional options:
- --user=<user> : change user running the script
- --group=<group> : change group running the script
See Lemonldap::NG::Manager::Cli(3) for more
};
}
__END__
=head1 NAME
=encoding utf8
lemonldap-ng-cli - Command-line manager for Lemonldap::NG web-SSO system.
=head1 SYNOPSIS
Get information about current configuration
$ lemonldap-ng-cli info
Update local configuration cache
$ lemonldap-ng-cli update-cache
Send a test email
$ lemonldap-ng-cli test-email dwho@badwolf.org
Save configuration
$ lemonldap-ng-cli save >conf.json
$ lemonldap-ng-cli -cfgNum 19 save >conf-19.json
Restore configuration
$ lemonldap-ng-cli restore conf.json
# OR
$ lemonldap-ng-cli restore - <conf.json
Cancel the last configuration change
$ lemonldap-ng-cli rollback
Get a configuration parameter value
$ lemonldap-ng-cli get portal domain cookieName
Set some values
$ lemonldap-ng-cli set portal http://auth.e.com/ domain e.com
# add or set a key
$ lemonldap-ng-cli addKey macro fullname '$givenName." ".$lastName'
# without changing the version number
$ lemonldap-ng-cli -force 1 -cfgNum 1 set portal http://auth.e.com/ domain e.com
# without asking for confirmation
$ lemonldap-ng-cli -yes 1 set portal http://auth.e.com/ domain e.com
=head1 DESCRIPTION
lemonldap-ng-cli is a command line interface to interact with Lemonldap::NG
configuration. Commands are described in L<Lemonldap::NG::Manager::Cli>
and L<Lemonldap::NG::Common::Cli>
=head2 Available commands
=over
=item info
=item update-cache
=item test-email
=item save
=item restore
=item get
=item set
=item addKey
=item delKey
=back
=head2 Available options
=over
=item -yes
Confirm modification automatically (default: 0)
=item -log
Allows you to set the log message that will be displayed in the manager
=item -safe
The configuration change will be aborted if it contains errors (default: 0)
=item -force
Allows you to force overwriting an existing configuration (default: 0)
=item -cfgNum
Choose a particular configuration number (default: latest)
=item -sep
Allows you to define hierarchical separator
=item -iniFile
Allows you to set an alternative ini file
=back
=head1 SEE ALSO
L<Lemonldap::NG::Manager::Cli>, L<Lemonldap::NG::Common::Cli>
L<http://lemonldap-ng.org/>
=head1 AUTHORS
=over
=item Clement Oudot, E<lt>clement@oodo.netE<gt>
=item Xavier Guimard, E<lt>yadd@debian.orgE<gt>
=item Maxime Besson, E<lt>maxime.besson@worteks.comE<gt>
=item Christophe Maudoux, E<lt>chrmdx@gmail.comE<gt>
=back
=head1 BUG REPORT
Use OW2 system to report bug or ask for features:
L<https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues>
=head1 DOWNLOAD
Lemonldap::NG is available at
L<https://release.ow2.org/lemonldap/>
=head1 COPYRIGHT AND LICENSE
=over
=item Copyright (C) 2016 by Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=item Copyright (C) 2016 by Clément Oudot, E<lt>clem.oudot@gmail.comE<gt>
=back
This library is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see L<http://www.gnu.org/licenses/>.
=cut
Make it executable
chmod +x /usr/share/lemonldap-ng/bin/lemonldap-ng-cli
5. create the cronjob in crontab manager
