How to repair and recover LDAP when it is corrupted



Most of the time we experience LDAP errors such as failed authentication, or an application reports “Cannot connect to LDAP Servers!”, and most of the time we just restart the LDAP server with “/etc/init.d/ldap”, but we skip the recovery step.

Let's see how to recover and repair LDAP if it is corrupted.
Please follow these steps:
  1. Stop the LDAP server:
     • /etc/init.d/ldap stop
  2. Perform the recovery:
     • If we are running Open-Xchange on SLES 9, use the following command:
       • db_recover -h /var/lib/ldap
     • If we are using Red Hat, use the following command:
       • /usr/sbin/slapd_db_recover -h /var/lib/ldap
  3. Reboot the machine.

In the event that the problems persist after running the above procedure, use the following procedure.
  1. Stop the LDAP server:
     • /etc/init.d/ldap stop
     • To be sure the server is really stopped:
     • killall slapd
  2. Make a backup of your existing directory structure:
     • tar -cvzf ldap.tar.gz /var/lib/ldap/*
     • Put it someplace safe in case something goes wrong with this procedure.
  3. Perform a recovery:
     • If we are using SLES, use the following command:
       • db_recover -h /var/lib/ldap -v
     • If we are using Red Hat, use the following command:
       • /usr/sbin/slapd_db_recover -h /var/lib/ldap
  4. Dump the directory structure to a text file:
     • slapcat -l ldap.ldif
     • (Sometimes all bdb files _except_ "dn2id" and "id2entry" have to be deleted before slapcat is able to dump the database.)
  5. Verify that the resulting file (ldap.ldif) contains directory entries. If it does not, or if slapcat returned errors in step 4, try running db_recover in catastrophic mode:
     • db_recover -h /var/lib/ldap -v -c
  6. Delete the corrupted LDAP directory with the following command:
     • rm -fr /var/lib/ldap/*
  7. Recreate the DB_CONFIG file, which contains some basic settings for the bdb backend:
     • echo -en "set_cachesize 0 15000000 1\nset_lg_bsize 2097152\n" >/var/lib/ldap/DB_CONFIG
     • This file only exists on SLES9 by default.
  8. Reload the LDAP directory from the ldap.ldif file you produced in step 4 with the following command:
     • slapadd -l ldap.ldif
  9. The files have to be owned by the user "ldap", hence we have to run:
     • chown -R ldap: /var/lib/ldap
  10. Start the LDAP server:
     • /etc/init.d/ldap start

Test: If the command "ldapsearch -x uid=mailadmin" returns any results, everything went well.
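The second procedure above, wrapped in a script as an added example (not from the original post) so that the destructive rm step only runs after the backup archive exists and the slapcat dump has been verified to contain entries. The function names, the /root paths and the choice of recovery tool by what is installed are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: the second procedure above as a script
# whose destructive "rm -fr" step runs only after the backup exists and the slapcat
# dump is verified to contain entries. Assumes the BDB backend under /var/lib/ldap
# and db_recover (SLES) or slapd_db_recover (Red Hat); paths below are assumptions.
LDAP_DIR="${LDAP_DIR:-/var/lib/ldap}"
LDIF="${LDIF:-/root/ldap.ldif}"
BACKUP="${BACKUP:-/root/ldap-backup.tar.gz}"

# Red Hat ships the BDB tool as slapd_db_recover, SLES as plain db_recover.
recover_cmd() {
    if [ -x /usr/sbin/slapd_db_recover ]; then echo /usr/sbin/slapd_db_recover
    else echo db_recover; fi
}

# Every LDIF entry starts with a "dn:" line, so counting those lines checks that
# the dump really holds directory entries. Prints 0 for an empty or missing file.
ldif_entry_count() {
    [ -f "$1" ] || { echo 0; return; }
    grep -c '^dn:' "$1" || true
}

# Refuse to wipe the database unless a non-empty backup archive exists and the
# dump has at least one entry; returns 1 with a reason on stderr otherwise.
safe_to_wipe() {
    [ -s "$1" ] || { echo "no backup archive at $1" >&2; return 1; }
    [ "$(ldif_entry_count "$2")" -gt 0 ] || { echo "no entries in $2" >&2; return 1; }
}

rebuild() {
    /etc/init.d/ldap stop
    killall slapd 2>/dev/null || true          # just to be sure it is stopped
    tar -czf "$BACKUP" "$LDAP_DIR" || exit 1   # keep a copy before touching anything
    "$(recover_cmd)" -h "$LDAP_DIR" -v
    slapcat -l "$LDIF"
    if [ "$(ldif_entry_count "$LDIF")" -eq 0 ]; then
        # dump is empty: retry in catastrophic mode (-c) as the post suggests
        "$(recover_cmd)" -h "$LDAP_DIR" -v -c && slapcat -l "$LDIF"
    fi
    safe_to_wipe "$BACKUP" "$LDIF" || exit 1
    rm -fr "$LDAP_DIR"/*
    printf 'set_cachesize 0 15000000 1\nset_lg_bsize 2097152\n' > "$LDAP_DIR/DB_CONFIG"
    slapadd -l "$LDIF"
    chown -R ldap: "$LDAP_DIR"
    /etc/init.d/ldap start
}

# Run only when invoked as "sh rebuild-ldap.sh run", so sourcing it is harmless.
if [ "${1:-}" = "run" ]; then rebuild; fi
```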
