LDAP recovery

If you have suffered from LDAP wreckage then probably you already know how difficult it is to make it work again. In my case all problems started with such message in system log:

slapd[11705]: bdb(dc=xxx,dc=com): PANIC: fatal region error detected; run recovery

Note: my bdb version is 4.7, yours may differ;
slapd stands for Stand-alone LDAP Daemon, your service name may be ldap

At first I tried to recover LDAP using

db4.7_verify -h /var/lib/ldap
db4.7_recover -v -h /var/lib/ldap 

But LDAP got broken again and again.
Thus I decided to recreate whole LDAP folder. Here is the scenario:

1. Stop the LDAP server
   

   service slapd stop

2. Dump the directory structure to a text file
   

   slapcat -l /etc/ldap/backup/ldap_old.ldif

3. Recover LDAP
   

   db4.7_recover -v -h /var/lib/ldap

4. Dump the directory structure to a text file
   

   slapcat -l /etc/ldap/backup/ldap.ldif

5. Verify that ldap.ldif contains your entries. If it does not, or if slapcat returned errors in step 3, try running db4.7_recover in catastrophic mode:
   

   db4.7_recover -v -h /var/lib/ldap -c

   and repeat step 3
6. Delete the LDAP directory
   

   rm -fr /var/lib/ldap/*

7. Load LDAP directory from the file you have create in step 3
   

   slapadd -l /etc/ldap/backup/slap.ldif

8. Make openldap the owner of the LDAP directory
   

   chown -R openldap:openldap /var/lib/ldap/*

9. Start the LDAP server
   

   service slapd start