OpenLDAP recovery howto

If LDAP clients are getting errors, or slapd starts without complaint but nothing is listening on the LDAP ports (389 or 636), and a plain restart (/etc/init.d/ldap restart) does not fix it, the BDB backend database is most likely corrupted. Try the following recovery procedures, the lighter one first:

Typical corruption

1. Stop the LDAP server:

/etc/init.d/ldap stop

2. Run the daemon manually, in the foreground, with a debug flag so errors show up on the terminal (stop it again with Ctrl-C):

/usr/sbin/slapd -u ldap -h ldap:// -d 256

If the database is corrupted, slapd will typically stop or hang at database initialization with a BDB error (e.g. a complaint about a missing or unreadable log file or index).

3. Perform the recovery (normal mode; this replays the BDB transaction logs):

/usr/sbin/slapd_db_recover -h /var/lib/ldap

Run this as the ldap user if you can. If you run it as root, the recreated __db.* environment files end up owned by root and slapd, which runs as ldap, cannot open them; fix the ownership of /var/lib/ldap before the next step in that case (see step 9 of the next procedure).

4. Restart the LDAP server:

/etc/init.d/ldap start

Serious corruption

In the event that the problems persist after running the above procedure, use the following procedure.

1. Stop the ldap server

/etc/init.d/ldap stop

2. Make a backup of the existing database directory. Store the archive outside /var/lib/ldap (here under /root), because step 6 below deletes everything in that directory:

tar -cvzf /root/ldap.tar.gz /var/lib/ldap

3. Perform a recovery:

/usr/sbin/slapd_db_recover -h /var/lib/ldap

4. Dump the directory contents to an LDIF text file:

slapcat -l ldap.ldif

(Sometimes slapcat will only work after you delete all BDB files in /var/lib/ldap except dn2id.bdb and id2entry.bdb. Those two hold the actual entries; the other .bdb files are attribute indexes that slapadd rebuilds on reload.)

5. Verify that the resultant file (ldap.ldif) contains directory entries. If it does not, or if slapcat returned errors, try running slapd_db_recover in catastrophic mode:

slapd_db_recover -h /var/lib/ldap -v -c

6. Only once you have the backup from step 2 and an ldap.ldif that contains your entries, delete the corrupted database files:

rm -fr /var/lib/ldap/*

7. Recreate the DB_CONFIG file, which holds the basic tuning settings for the bdb backend (step 6 deleted it). If your original DB_CONFIG had more settings, restore it from the backup instead of using this minimal one:

echo -en "set_cachesize 0 15000000 1\nset_lg_bsize 2097152\n" >/var/lib/ldap/DB_CONFIG

8. With slapd still stopped, reload the directory from the ldap.ldif file you produced:

slapadd -l ldap.ldif

9. Make sure the newly generated files are owned by the ldap user. slapadd and slapd_db_recover run as root create root-owned files that slapd, running as ldap, cannot open:

chown -R ldap:ldap /var/lib/ldap

10. Start the LDAP server

/etc/init.d/ldap start
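The procedure above as a script, added here as an example and not part of the original post. It wraps the ten steps of the serious-corruption procedure (the typical-corruption procedure is the same thing up to the recovery step) with the checks you want before the destructive rm: the backup and the LDIF dump must live outside /var/lib/ldap, and the directory is only wiped when the dump actually contains entries, after a retry in catastrophic mode. It assumes the RHEL/CentOS layout the post uses (/var/lib/ldap, /usr/sbin/slapd_db_recover, /etc/init.d/ldap, user ldap); the BACKUP and LDIF paths under /root are assumptions and can be overridden through the environment. The sample LDIF is constructed only to exercise the entry count offline.

```shell
#!/bin/sh
# Added example, not code from the original post. Scripted version of the
# "serious corruption" procedure with safety checks before the rm step.
# Assumed RHEL/CentOS layout: /var/lib/ldap, /usr/sbin/slapd_db_recover,
# /etc/init.d/ldap, user ldap. BACKUP and LDIF paths are assumptions.
set -e

LDAP_DIR="${LDAP_DIR:-/var/lib/ldap}"
LDAP_USER="${LDAP_USER:-ldap}"
BACKUP="${BACKUP:-/root/ldap-backup.tar.gz}"   # must live outside LDAP_DIR
LDIF="${LDIF:-/root/ldap.ldif}"                # must live outside LDAP_DIR

# path_outside PATH DIR: succeed only if PATH is neither DIR nor below it.
# Step 6 wipes LDAP_DIR, so the backup and the dump must not be kept there.
path_outside() {
    case "$1" in
        "$2"|"$2"/*) return 1 ;;
        *)           return 0 ;;
    esac
}

# Number of entries in an LDIF file: one "dn:" line per entry ("dn::" for
# base64 DNs is matched too). Prints 0 for an empty or missing file.
ldif_entry_count() {
    [ -f "$1" ] || { echo 0; return 0; }
    grep -c '^dn:' "$1" || true
}

# Step 7: minimal DB_CONFIG for the bdb backend (same values as the post).
write_db_config() {
    printf 'set_cachesize 0 15000000 1\nset_lg_bsize 2097152\n' > "$1/DB_CONFIG"
}

# Constructed two-entry LDIF, only used to exercise ldif_entry_count offline.
write_sample_ldif() {
    printf 'dn: dc=example,dc=com\nobjectClass: dcObject\ndc: example\n\n' > "$1"
    printf 'dn: ou=people,dc=example,dc=com\nobjectClass: organizationalUnit\nou: people\n' >> "$1"
}

# Steps 3-5: normal recovery, dump, then a retry in catastrophic mode (-c)
# when the dump holds no entries. Refuses to go on with an empty dump.
recover_and_dump() {
    /usr/sbin/slapd_db_recover -h "$LDAP_DIR"
    slapcat -l "$LDIF" || echo "slapcat reported errors" >&2
    if [ "$(ldif_entry_count "$LDIF")" -eq 0 ]; then
        echo "no entries dumped, retrying in catastrophic mode" >&2
        /usr/sbin/slapd_db_recover -h "$LDAP_DIR" -v -c
        slapcat -l "$LDIF"
    fi
    n=$(ldif_entry_count "$LDIF")
    [ "$n" -gt 0 ] || { echo "no entries in $LDIF, refusing to wipe $LDAP_DIR" >&2; exit 1; }
    echo "dumped $n entries to $LDIF" >&2
}

main() {
    [ -n "$LDAP_DIR" ] && [ "$LDAP_DIR" != / ] || exit 1
    path_outside "$BACKUP" "$LDAP_DIR" || { echo "BACKUP is inside $LDAP_DIR" >&2; exit 1; }
    path_outside "$LDIF" "$LDAP_DIR"   || { echo "LDIF is inside $LDAP_DIR" >&2; exit 1; }
    /etc/init.d/ldap stop                                                     # step 1
    tar -czf "$BACKUP" -C "$(dirname "$LDAP_DIR")" "$(basename "$LDAP_DIR")"  # step 2
    recover_and_dump                                                          # steps 3-5
    rm -fr "$LDAP_DIR"/*                                                      # step 6
    write_db_config "$LDAP_DIR"                                               # step 7
    slapadd -l "$LDIF"                                                        # step 8
    chown -R "$LDAP_USER:$LDAP_USER" "$LDAP_DIR"                              # step 9
    /etc/init.d/ldap start                                                    # step 10
}

# The destructive procedure only runs when explicitly requested:
#   sh recover-ldap.sh --run
if [ "${1:-}" = "--run" ]; then
    main
fi
```

Sourcing the file without --run only defines the functions, so the path check and the entry count can be tried on a test LDIF before the script is let loose on a real server. The tar call archives the directory rather than a glob, so nothing is skipped and the archive can be restored with a single tar -x.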
