Christmass LDAP disaster. No No No

Notes written after a full iredmail app recovery

System setup:
Debian 9 Stretch, MariaDB, Iredmail v0.9.9, iRedAdmin v0.9.3 (LDAP), Nginx, Lets encrypt, Icinga2

Prerequisites:
- purged ldap on production server
- no snapshot on vps
- system information at
editor /root/iRedMail-0.9.0/iRedMail.tips

- backup cron
# iRedMail: Backup OpenLDAP data every day on 03:01 AM
1 3 * * * /bin/bash /var/vmail/backup/backup_openldap.sh
# iRedMail: Backup MySQL databases every day on 03:10 AM
10 3 * * * /bin/bash /var/vmail/backup/backup_mysql.sh

Recovery steps:
- fresh debian install
- iredmail base installation with ldap backend

Ldap recovery

backup from production server:
/var/vmail/backup/ldap/
- do not forget copy over the whole directory, not just a latest backup
(unzip ldap backups via zip2)
bzip2 -d date.ldif.bz2.

Find passwords at iRedMail.tips

editor /root/iRedMail-0.9.0/iRedMail.tips

Make a copy of backup file after decompressing.
Use slappadd command
.

Restore mysql
Dump and restore following databases:
- iredadmin
- iredapd
- roundcubemail

Email files recovery
Find all email in
cd /var/vmail/vmail1
- do not forget copy over the whole directory, not just a latest backup

use rsync to transfer files in folder

Now its time to change NS records
Change ip address on A and MX records to point new deployed server.

Additional updates and changes

Firewall:
in order to provide ldap to remote services update fw rules
editor /etc/default/iptables
Uncoment line
-A INPUT -p tcp --dport 389 -j ACCEPT

Fail2ban:
add IP to whitelist's
editor /etc/fail2ban/jail.conf

add ip addresses to
ignoreip =

Certificates:
- dovecot
editor /etc/dovecot/dovecot.conf
- nginx
vhosts definition

Web services:
copy over all web services along with their databazes
MySQL - create users and set their permissions
Web server - vhost
- conf files
- snippets

including vhost,conf files and snippets from web server

Icinga Monitoring:
Update monitoring copy over all missing scripts from
cd /usr/lib/nagios/plugins

Configuration snippets from
editor /etc/icinga2/conf.d/commands.conf
editor /etc/icinga2/conf.d/services.conf

Run icinga wizard
icinga2 node wizard

Update hosts on master
cd /etc/icinga2/zones.d/

DNS
Dont forget to change dns records:
- A/MX/CNAME
- rDNS
- PTR
- Dkim