Wednesday, July 4, 2012

LDAP recovery

If you have suffered LDAP wreckage, you probably already know how difficult it is to make it work again. In my case all the problems started with the following message in the system log:
slapd[11705]: bdb(dc=xxx,dc=com): PANIC: fatal region error detected; run recovery

Note: my bdb version is 4.7; yours may differ.
slapd stands for Stand-alone LDAP Daemon; your service name may be ldap.


At first I tried to recover LDAP using
db4.7_verify -h /var/lib/ldap
db4.7_recover -v -h /var/lib/ldap

But LDAP got broken again and again.
Thus I decided to recreate the whole LDAP folder. Here is the scenario:

  1. Stop the LDAP server
    service slapd stop
  2. Dump the directory structure to a text file
    slapcat -l /etc/ldap/backup/ldap_old.ldif
  3. Recover LDAP
    db4.7_recover -v -h /var/lib/ldap
  4. Dump the directory structure to a text file
    slapcat -l /etc/ldap/backup/ldap.ldif
  5. Verify that ldap.ldif contains your entries. If it does not, or if slapcat returned errors in step 4, try running db4.7_recover in catastrophic mode:
    db4.7_recover -v -h /var/lib/ldap -c
    and repeat step 4
  6. Delete the LDAP directory
    rm -fr /var/lib/ldap/*
  7. Load the LDAP directory from the file you created in step 4
    slapadd -l /etc/ldap/backup/ldap.ldif
  8. Make openldap the owner of the LDAP directory
    chown -R openldap:openldap /var/lib/ldap/*
  9. Start the LDAP server
    service slapd start
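The nine steps above as one script, added here as an example and not part of the original post. It assumes the same paths (/var/lib/ldap, /etc/ldap/backup), the same db4.7_* tool names and the openldap user; change them to match your system. The step-5 check ("does ldap.ldif contain my entries?") is done by counting dn: lines, and the script refuses to delete the database directory if the dump is empty. One addition beyond the post: if a DB_CONFIG file lives in the database directory it is saved and put back, since step 6 would otherwise delete it. The recovery itself only runs when invoked with --run; without that flag the script just exercises the LDIF check on a small constructed sample.

```shell
#!/bin/sh
# Added example, not from the original post: the recovery procedure as a script.
# Assumptions: paths, db4.7_* tool names and the openldap user as in the post.
set -e

LDAP_DIR=/var/lib/ldap
BACKUP_DIR=/etc/ldap/backup
LDAP_USER=openldap

# Number of entries (lines starting with "dn:") in an LDIF file.
# Prints 0 when the file is empty or missing instead of failing.
count_ldif_entries() {
    n=$(grep -c '^dn:' "$1" 2>/dev/null) || n=0
    echo "${n:-0}"
}

# Succeeds when the dump holds at least one entry (the step-5 check).
ldif_has_entries() {
    [ "$(count_ldif_entries "$1")" -gt 0 ]
}

recover_ldap() {
    mkdir -p "$BACKUP_DIR"
    service slapd stop                                    # 1. stop the server
    slapcat -l "$BACKUP_DIR/ldap_old.ldif" || true        # 2. dump what is readable now
    db4.7_recover -v -h "$LDAP_DIR"                       # 3. normal recovery
    slapcat -l "$BACKUP_DIR/ldap.ldif" || true            # 4. dump again
    if ! ldif_has_entries "$BACKUP_DIR/ldap.ldif"; then   # 5. verify, else catastrophic mode
        db4.7_recover -v -h "$LDAP_DIR" -c
        slapcat -l "$BACKUP_DIR/ldap.ldif"
    fi
    if ! ldif_has_entries "$BACKUP_DIR/ldap.ldif"; then
        echo "no entries in $BACKUP_DIR/ldap.ldif; leaving $LDAP_DIR untouched" >&2
        return 1
    fi
    # Assumption beyond the post: keep the BDB tuning file, which step 6 would delete.
    if [ -f "$LDAP_DIR/DB_CONFIG" ]; then
        cp "$LDAP_DIR/DB_CONFIG" "$BACKUP_DIR/DB_CONFIG"
    fi
    rm -fr "$LDAP_DIR"/*                                  # 6. delete the damaged database
    if [ -f "$BACKUP_DIR/DB_CONFIG" ]; then
        cp "$BACKUP_DIR/DB_CONFIG" "$LDAP_DIR/DB_CONFIG"
    fi
    slapadd -l "$BACKUP_DIR/ldap.ldif"                    # 7. reload from the dump
    chown -R "$LDAP_USER:$LDAP_USER" "$LDAP_DIR"          # 8. fix ownership
    service slapd start                                   # 9. start the server
}

# Constructed two-entry LDIF standing in for ldap.ldif; prints its entry count.
demo_check() {
    f=$(mktemp)
    printf 'dn: dc=example,dc=com\nobjectClass: dcObject\n\ndn: ou=people,dc=example,dc=com\nobjectClass: organizationalUnit\n' > "$f"
    n=$(count_ldif_entries "$f")
    rm -f "$f"
    echo "$n"
}

if [ "${1:-}" = "--run" ]; then
    recover_ldap
else
    echo "sample dump has $(demo_check) entries; run with --run to perform the recovery"
fi
```

Run it as root with --run on the machine hosting the database; without the flag it only reports 2 for the constructed sample, which is a quick way to confirm the check works before trusting it on a real dump.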