How-to: Configure automatic cleanup for LDAP Backups

MiracErde · February 23, 2026, 3:51pm

HowTo: Configure automatic cleanup for the LDAP Backups

Description:

Every day, UCS stores automatic backups from LDAP and Samba in /var/univention-backup.
These files can take much filespace, so should be cleaned up from time to time. To do this automatically, define a retention time via UCR Variable in days.

Following informations are guilty for internal-backup, ldap-backup and ucr-backup.
For samba-backups, please check this article:
Samba4 Backups

Variables are been used for:

ucr info backup/clean/min_backups
backup/clean/min_backups: 10
 Automatic deletion of backup-files in /var/univention-backup/: if backup/clean/max_age is set and less than backup/clean/min_backups backup-files exist, no files are deleted. Defaults to 10.
 Categories: service-misc
 Default: 10
 Type: uint

ucr info backup/clean/max_age
backup/clean/max_age: <empty>
 Automatic deletion of backup-files in /var/univention-backup/, of files older than backup/clean/max_age. If unset, no files are deleted. If less than backup/clean/min_backups backup-files exist, no files are deleted.
 Categories: service-misc
 Default: (not set)
 Type: uint

Single step:

Set the max_age Variable per Days, so backups will be cleaned up.

Example:

ucr set backup/clean/max_age=30
Setting backup/clean/max_age
Module: ox-config

Investigation:

The following script will be use:
/usr/share/univention-lib/backup.sh

#!/bin/sh
# Univention Common Shell Library
#
# SPDX-FileCopyrightText: 2017-2025 Univention GmbH
# SPDX-License-Identifier: AGPL-3.0-only

# Clean old backups in /var/univention-backup/ that are older than
# backup/clean/max_age, if more than backup/clean/min_backups files exist.
# 1. parameter: a pattern to match files to delete via `find .. -regex ..`
# 2. parameter: override backup/clean/max_age (optional)
#
# Example to cleanup LDAP-backups:
# clean_old_backups 'ldap-backup_*.\(log\|ldif\)'
clean_old_backups () {
        local arg_pattern="$1"
        local arg_max_age="$2"
        [ -z "$arg_pattern" ] && return 1
        eval "$(univention-config-registry shell backup/clean/min_backups backup/clean/max_age)"

        local backup_dir="/var/univention-backup"
        local pattern="$backup_dir/$arg_pattern"
        local max_age="${arg_max_age:-$backup_clean_max_age}"

        if [ -n "$max_age" ]; then
                local count
                count=$(find "$backup_dir" -type f -mtime "+$max_age" -regex "$pattern" | wc -l)
                if [ "$count" -ge "${backup_clean_min_backups:-10}" ]; then
                                find "$backup_dir" -type f -mtime "+$max_age" -regex "$pattern" -delete >/dev/null
                fi
        fi
}

Example query:

Query for the ldap-backups are older then +30 days

find /var/univention-backup -type f -mtime +30 -regex "/var/univention-backup/.*" | wc -l
286

Manual cleanup of ldap-backups older then 30 days, with debug output:

set -x
clean_old_backups '.*'
set +x

Output:

+ clean_old_backups '.*'
+ local 'arg_pattern=.*'
+ local arg_max_age=
+ '[' -z '.*' ']'
++ univention-config-registry shell backup/clean/min_backups backup/clean/max_age
+ eval 'backup_clean_max_age=30
backup_clean_min_backups=10'
++ backup_clean_max_age=30
++ backup_clean_min_backups=10
+ local backup_dir=/var/univention-backup
+ local 'pattern=/var/univention-backup/.*'
+ local max_age=30
+ '[' -n 30 ']'
+ local count
++ find /var/univention-backup -type f -mtime +30 -regex '/var/univention-backup/.*'
++ wc -l
+ count=286
+ '[' 286 -ge 10 ']'
+ find /var/univention-backup -type f -mtime +30 -regex '/var/univention-backup/.*' -delete
+ set +x

Result:

find /var/univention-backup -type f -mtime +30 -regex "/var/univention-backup/.*" | wc -l
0

ls -lah /var/univention-backup/ | wc -l
90

root@ucs5primary:~/univention-support# ls -lah /var/univention-backup/
total 17M
drwxr-xr-x  5 root root  20K 19. Feb 08:21 .
drwxr-xr-x 15 root root 4,0K 10. Sep 19:58 ..
drwxr-xr-x  2 root root 4,0K 20. Feb 2024  etc
-rw-------  1 root root  477 20. Jan 00:00 internal-backup_20260120.ldif.gz
-rw-------  1 root root   49 20. Jan 00:00 internal-backup_20260120.log.gz
-rw-------  1 root root  477 24. Jan 00:00 internal-backup_20260124.ldif.gz
-rw-------  1 root root   49 24. Jan 00:00 internal-backup_20260124.log.gz
-rw-------  1 root root  477 28. Jan 00:00 internal-backup_20260128.ldif.gz
-rw-------  1 root root   49 28. Jan 00:00 internal-backup_20260128.log.gz
-rw-------  1 root root 2,1K 31. Jan 00:00 internal-backup_20260131.ldif.gz
-rw-------  1 root root   49 31. Jan 00:00 internal-backup_20260131.log.gz
-rw-------  1 root root 2,1K  2. Feb 00:00 internal-backup_20260202.ldif.gz
-rw-------  1 root root   49  2. Feb 00:00 internal-backup_20260202.log.gz
-rw-------  1 root root 2,1K  3. Feb 00:00 internal-backup_20260203.ldif.gz
-rw-------  1 root root   49  3. Feb 00:00 internal-backup_20260203.log.gz
-rw-------  1 root root 2,1K  4. Feb 00:00 internal-backup_20260204.ldif.gz
-rw-------  1 root root   49  4. Feb 00:00 internal-backup_20260204.log.gz
-rw-------  1 root root 2,1K  5. Feb 00:00 internal-backup_20260205.ldif.gz
-rw-------  1 root root   49  5. Feb 00:00 internal-backup_20260205.log.gz
-rw-------  1 root root 2,1K  6. Feb 00:00 internal-backup_20260206.ldif.gz
-rw-------  1 root root   49  6. Feb 00:00 internal-backup_20260206.log.gz
-rw-------  1 root root 2,1K  7. Feb 00:00 internal-backup_20260207.ldif.gz
-rw-------  1 root root   49  7. Feb 00:00 internal-backup_20260207.log.gz
-rw-------  1 root root 2,1K  8. Feb 00:00 internal-backup_20260208.ldif.gz
-rw-------  1 root root   49  8. Feb 00:00 internal-backup_20260208.log.gz
-rw-------  1 root root 2,1K  9. Feb 00:00 internal-backup_20260209.ldif.gz
-rw-------  1 root root   49  9. Feb 00:00 internal-backup_20260209.log.gz
-rw-------  1 root root 2,1K 15. Feb 00:00 internal-backup_20260215.ldif.gz
-rw-------  1 root root   49 15. Feb 00:00 internal-backup_20260215.log.gz
-rw-------  1 root root 2,1K 16. Feb 00:00 internal-backup_20260216.ldif.gz
-rw-------  1 root root   49 16. Feb 00:00 internal-backup_20260216.log.gz
-rw-------  1 root root 2,1K 17. Feb 00:00 internal-backup_20260217.ldif.gz
-rw-------  1 root root   49 17. Feb 00:00 internal-backup_20260217.log.gz
-rw-------  1 root root 2,1K 18. Feb 00:00 internal-backup_20260218.ldif.gz
-rw-------  1 root root   49 18. Feb 00:00 internal-backup_20260218.log.gz
-rw-------  1 root root 2,1K 19. Feb 00:00 internal-backup_20260219.ldif.gz
-rw-------  1 root root   49 19. Feb 00:00 internal-backup_20260219.log.gz
-rw-------  1 root root 294K 20. Jan 00:00 ldap-backup_20260120.ldif.gz
-rw-------  1 root root   45 20. Jan 00:00 ldap-backup_20260120.log.gz
-rw-------  1 root root 294K 24. Jan 00:00 ldap-backup_20260124.ldif.gz
-rw-------  1 root root   45 24. Jan 00:00 ldap-backup_20260124.log.gz
-rw-------  1 root root 297K 28. Jan 00:00 ldap-backup_20260128.ldif.gz
-rw-------  1 root root   45 28. Jan 00:00 ldap-backup_20260128.log.gz
-rw-------  1 root root 1,1M 31. Jan 00:00 ldap-backup_20260131.ldif.gz
-rw-------  1 root root   45 31. Jan 00:00 ldap-backup_20260131.log.gz
-rw-------  1 root root 1,1M  2. Feb 00:00 ldap-backup_20260202.ldif.gz
-rw-------  1 root root   45  2. Feb 00:00 ldap-backup_20260202.log.gz
-rw-------  1 root root 1,1M  3. Feb 00:00 ldap-backup_20260203.ldif.gz
-rw-------  1 root root   45  3. Feb 00:00 ldap-backup_20260203.log.gz
-rw-------  1 root root 1,1M  4. Feb 00:00 ldap-backup_20260204.ldif.gz
-rw-------  1 root root   45  4. Feb 00:00 ldap-backup_20260204.log.gz
-rw-------  1 root root 1,1M  5. Feb 00:00 ldap-backup_20260205.ldif.gz
-rw-------  1 root root   45  5. Feb 00:00 ldap-backup_20260205.log.gz
-rw-------  1 root root 1,1M  6. Feb 00:00 ldap-backup_20260206.ldif.gz
-rw-------  1 root root   45  6. Feb 00:00 ldap-backup_20260206.log.gz
-rw-------  1 root root 1,1M  7. Feb 00:00 ldap-backup_20260207.ldif.gz
-rw-------  1 root root   45  7. Feb 00:00 ldap-backup_20260207.log.gz
-rw-------  1 root root 1,1M  8. Feb 00:00 ldap-backup_20260208.ldif.gz
-rw-------  1 root root   45  8. Feb 00:00 ldap-backup_20260208.log.gz
-rw-------  1 root root 1,1M  9. Feb 00:00 ldap-backup_20260209.ldif.gz
-rw-------  1 root root   45  9. Feb 00:00 ldap-backup_20260209.log.gz
-rw-------  1 root root 1,1M 15. Feb 00:00 ldap-backup_20260215.ldif.gz
-rw-------  1 root root   45 15. Feb 00:00 ldap-backup_20260215.log.gz
-rw-------  1 root root 1,1M 16. Feb 00:00 ldap-backup_20260216.ldif.gz
-rw-------  1 root root   45 16. Feb 00:00 ldap-backup_20260216.log.gz
-rw-------  1 root root 1,1M 17. Feb 00:00 ldap-backup_20260217.ldif.gz
-rw-------  1 root root   45 17. Feb 00:00 ldap-backup_20260217.log.gz
-rw-------  1 root root 1,1M 18. Feb 00:00 ldap-backup_20260218.ldif.gz
-rw-------  1 root root   45 18. Feb 00:00 ldap-backup_20260218.log.gz
-rw-------  1 root root 1,1M 19. Feb 00:00 ldap-backup_20260219.ldif.gz
-rw-------  1 root root   45 19. Feb 00:00 ldap-backup_20260219.log.gz
drwx------  2 root root 4,0K 19. Feb 08:21 samba
-rw-------  1 root root  14K 20. Jan 03:30 ucr-backup_20260120.tgz
-rw-------  1 root root  14K 24. Jan 03:30 ucr-backup_20260124.tgz
-rw-------  1 root root  14K 28. Jan 03:30 ucr-backup_20260128.tgz
-rw-------  1 root root  14K 31. Jan 03:30 ucr-backup_20260131.tgz
-rw-------  1 root root  14K  2. Feb 03:30 ucr-backup_20260202.tgz
-rw-------  1 root root  14K  4. Feb 03:30 ucr-backup_20260204.tgz
-rw-------  1 root root  14K  5. Feb 03:30 ucr-backup_20260205.tgz
-rw-------  1 root root  14K  6. Feb 03:30 ucr-backup_20260206.tgz
-rw-------  1 root root  14K  7. Feb 03:30 ucr-backup_20260207.tgz
-rw-------  1 root root  14K  8. Feb 03:30 ucr-backup_20260208.tgz
-rw-------  1 root root  14K  9. Feb 03:30 ucr-backup_20260209.tgz
-rw-------  1 root root  14K 15. Feb 03:30 ucr-backup_20260215.tgz
-rw-------  1 root root  14K 16. Feb 03:30 ucr-backup_20260216.tgz
-rw-------  1 root root  14K 17. Feb 03:30 ucr-backup_20260217.tgz
-rw-------  1 root root  14K 18. Feb 03:30 ucr-backup_20260218.tgz
-rw-------  1 root root  14K 19. Feb 03:30 ucr-backup_20260219.tgz