diff --git a/ldap/manifests/init.pp b/ldap/manifests/init.pp
index 0fba31b..82cd113 100644
--- a/ldap/manifests/init.pp
+++ b/ldap/manifests/init.pp
@@ -682,6 +682,54 @@ define ldap::server::database($aclsource = "", $master = "", $syncpw = "", $rid
 }
+# Install LDAP daily backup job
+#
+# === Parameters
+#
+# $datadir:
+# Directory where LDAP backups are stored. Defaults to /srv/ldap-backup
+#
+# $maxage:
+# How long to keep LDAP backups. Defaults to 168 hours (7 days).
+#
+class ldap::server::backup($datadir="/srv/ldap-backup", $maxage="168") {
+
+ if $datadir != "/srv/ldap-backup" {
+ file { "/srv/ldap-backup":
+ ensure => link,
+ target => $datadir,
+ owner => "root",
+ group => "root",
+ require => File[$datadir],
+ }
+ }
+ file { $datadir:
+ ensure => directory,
+ mode => "0700",
+ owner => $ldap::server::user,
+ group => $ldap::server::group,
+ }
+
+ file { "/usr/local/sbin/ldap-backup.cron":
+ ensure => present,
+ content => template("ldap/ldap-backup.cron.erb"),
+ mode => "0755",
+ owner => "root",
+ group => "root",
+ require => File["/srv/ldap-backup"],
+ }
+ cron { "ldap-backup":
+ ensure => present,
+ command => "/usr/local/sbin/ldap-backup.cron",
+ user => $ldap::server::user,
+ hour => "0",
+ minute => "10",
+ require => File["/usr/local/sbin/ldap-backup.cron"],
+ }
+
+}
+
+ # Install custom schema to OpenLDAP.
+ #
+ # === Parameters
diff --git a/ldap/templates/ldap-backup.cron.erb b/ldap/templates/ldap-backup.cron.erb
new file mode 100755
index 0000000..3e62316
--- /dev/null
+++ b/ldap/templates/ldap-backup.cron.erb
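Review bot: `$maxage` in the new `ldap::server::backup` class is handed to the cron template without any validation, and the template places it unquoted on the `tmpwatch` command line, so an empty or non-numeric value makes the retention step fail or misparse at run time on the server instead of at catalog compile time. A guard at the top of the class body, `if $maxage !~ /^\d+$/ { fail("ldap::server::backup: maxage must be a whole number of hours") }`, turns that into a compile error with a clear message. The same check cannot be done on `$datadir` as cheaply, but the `File[$datadir]` / `File["/srv/ldap-backup"]` relationship already fails the catalog when the directory resource is missing, which covers the ordering side.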
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+umask 077
+
+PATH="/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin"
+
+if [ `whoami` != <%= scope.lookupvar('ldap::server::user') %> ]; then
+ echo "ERR: Script needs to be run as <%= scope.lookupvar('ldap::server::user') %> user" 1>&2
+ exit 1
+fi
+
+BACKUPDIR="/srv/ldap-backup"
+BACKUPAGE="<%= @maxage %>"
+
+DATE=`date "+%Y-%m-%d"`
+
+ldapsearch -LLL -x -H ldapi:// -s base -b 'cn=Databases,cn=Monitor' \
+ '(objectClass=*)' namingContexts | \
+ sed -n 's/^namingContexts: \(.*\)/\1/p' | while read db ; do
+ [ "${db}" = "cn=config" ] && continue
+ slapcat -f /etc/openldap/slapd.conf -b "${db}" 2> /dev/null | gzip > \
+ "${BACKUPDIR}/${db}.${DATE}.gz"
+ if [ $? -ne 0 ]; then
+ echo "ERR: Failed to backup database ${db}" 1>&2
+ continue
+ fi
+done
+
+tmpwatch -m -f ${BACKUPAGE} ${BACKUPDIR}
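Review bot: The `if [ $? -ne 0 ]` after the `slapcat … | gzip` pipeline tests only gzip's exit status, so a failed `slapcat` (whose stderr is also discarded by `2> /dev/null`) leaves a near-empty `.gz` under the final name with no error reported, and `tmpwatch` later ages out the older good copies while the broken one stays. POSIX `sh` has no `pipefail`, so dump to a temporary file first, check that status, and only then compress and rename; leaving slapcat's stderr visible also gets the failure reason into the cron mail. Writing through a `.tmp` name additionally means an interrupted run never leaves a partial file under the final name, and a stray `.tmp` is still cleaned up by the existing `tmpwatch` pass.
```sh
 sed -n 's/^namingContexts: \(.*\)/\1/p' | while read db ; do
 [ "${db}" = "cn=config" ] && continue
 TMPFILE="${BACKUPDIR}/${db}.${DATE}.tmp"
 if ! slapcat -f /etc/openldap/slapd.conf -b "${db}" > "${TMPFILE}"; then
 echo "ERR: Failed to backup database ${db}" 1>&2
 rm -f "${TMPFILE}"
 continue
 fi
 gzip -c "${TMPFILE}" > "${BACKUPDIR}/${db}.${DATE}.gz" && rm -f "${TMPFILE}"
done
# … unchanged: tmpwatch retention pass …
```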