[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Corrupt LDAP DB ...



Greetings ...

	Thanks for you words of support ...

Robert Larson wrote:
	For quite some time, we seem to be getting corrupt LDAP DB.  LDAP just
stops working and we can't restarted.  Have done slap slapindex -v -c,
but that just hangs.

I have experienced this problem before. It was an ldap server I had running in UML (UserModeLinux) under Gentoo. The problem was not related to openldap at all though. I believe it was with the UML server. A crash would result in corrupt database files that were inaccessible in the way that you describe.
If the server crash, like hangs or power failure, then I would say yes to corrupt LDAP DB, but this is happening for no reason.

	So, currently, we restart all the LDAP servers in readonly mode, dump
the DB and restart LDAP in normal mode.  If a server falls overs, we
rsync a readonly DB over the broke LDAP and start working again.

My hack was to create a cron job that would backup the ldap database nightly, then I wrote a small script to rm -r /var/lib/openldap-data, slapadd <backup file>, chown ldap -R /var/lib/openldap-data, /etc/init.d/slapd start... This was not a production server, so I could get away with not putting effort into it.
Well, wrote a few complex scripts for bash scripts, which check a few things and then restarts LDAP in readonly mode, then do a slapcat back, slapindex and chown ldap:ldap, chmod 600 and restart in normal mode.

With three other servers as slave, this works enough for us not too lose any uptime or LDAP data.

My point isn't necessarily that you are not alone, but rather, the issue in my case seemed to be resultant of the server itself crashing or causing problems, not openldap. Perhaps these servers share similar problems external to openldap, and the result is corrupting your databases.
Well, I have had this on my AMD system from AMD Athlon 32bit system to my current servers of AMD 64bit system, ranging in motherboards and memory ... And from FC2 to FC4, from OpenLDAP 2.2.13 up to 2.2.29, so I just have not be able to put my find on the problem.

Maybe I'm just the unlucky one ... Or my options or the way pam, nss and/or Samba is just bug nobody else has run into, but I don't think so ... So, I'm left in the dark thinking, let's go play some Frozen-Bubble ... ;-)

	Anyway, thanks and hope somebody might understand my plight.

Mailed
Lee