Re: [K12OSN] Help! Major LDAP breakage....

On Wed, 2003-10-08 at 08:37, David Trask wrote:
> Same server...different issue.  here's what I know so far....my LDAP/Samba
> appears to be broken to some degree.  I discovered it when I went into
> Directory Administrator....only a handful of 600 users showed up.  Using
> Barry Smokes script or smbldaptools....I can no longer change passwords
> and so forth for users...I get the following message
> [root spongebob conf files]# smbldap-useradd.pl mbriggs
> ldap_add: No such object
>         matched DN: "dc=vassalboro,dc=org"
>         additional info: parent does not exist
> ldif_record() = 32
> /usr/local/sbin/smbldap-useradd.pl: error while adding posix user mbriggs
> I'm not even sure where to begin...I've checked all my scripts and configs
> and they seem fine.  Something broke along the way and I need to rebuild
> it.  On the plus side....my users still exist and can log in....I just
> can't see them....and executing Directory Administrator or running smbldap
> commands seems to crash LDAP and I have to restart the service.  Where do
> I start....what do I need to look for?

My guess is that one of the db files was hosed when the disk was filled.

Before I did anything, I'd make a copy of the existing database:

	cd /var/lib
	/sbin/service ldap stop
	cp -av ldap ldap.backup
	/sbin/service ldap start

Next I'd figure out if it is the main db or the index that are hosed. If at all
possible, I would mirror /etc/openldap & /var/lib/ldap (actually I'd mirror the
backup /var/lib/ldap.backup) to a test server. That way you can muck around without
causing further damage.

Run "slapcat" and see if you can get a full dump of the database. If you can, shutdown
ldap, and use "slapadd" on the file you dumped with slapcat to rebuilt the database.

If that works, shutdown ldap on the main server and mirror the fixed /var/lib/ldap 
from the test server, restart ldap, and rejoice.

If it is one of the index db's that are broken, you might get away with running
slapindex which will rebuild the indexes.

If all else fails, you do have backups, right?


