Re: [K12OSN] Help! Major LDAP breakage....

David Trask wrote:

k12osn redhat com writes:

Eric Harrison said:

If all else fails, you do have backups, right?

Hmm...something about the silence is deafening....=)

I do, but the backup may also be corrupt....I'm already planning for worst
case and telling staff to back up files to another location.

I concur with Eric that lack of space when the filesystem was full yesterday probably prevented slapd from writing part of a database or index file when it needed to expand it. I would not expect that there is a disk or filesystem issue such that user files are better off elsewhere. With your fresh copy of /var/lib/ldap restored on a test box, try the slapindex as Eric suggested. With the ldap server in readonly mode, if, as you say, user authentication is working, then you have stabilized the problem and can wait until after school to put back what you recover and check on the test machine.

All the users that can still authenticate probably have their directory entries intact. So instead of bulk adding all your users from scratch, you may want to try the slapcat with the -c option. It is easy to put all the entries that it extracts into a fresh directory with slapadd. Then you only have to add the missing ones. If the extracted entries are missing any attributes, that can be corrected by editing the ldif file before the slapadd, since ldif is a text-based representation of the directory.

Don't forget to put it back to "readonly off" before restarting when all is done.

BTW, to get good backups of the directory files you need the ldap service to be down or in readonly mode, so it is best to set up a cron job to stop the service, copy or archive the files, and start the service. This should run before your backup process, so although the /var/lib/ldap files in the backup cannot be trusted, the copy of them that is also backed up can be trusted.

David - you want me to swing by the school to lend a hand? If so, what time do you think you'll get started?
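Added example, not part of the original message: one way to work out which accounts still have to be re-added after salvaging entries with slapcat -c, by comparing the uid values in the extracted LDIF against a list of expected account names. The function names, the file names, the sample entries and the use of uid as the account key are all assumptions made for illustration.

```shell
# Added example: compare an LDIF salvaged with `slapcat -c` against the
# list of accounts that should exist, so only the missing ones are re-added.

# ldif_uids FILE: print each entry's uid value, one per line.
# LDIF folds long lines: a line starting with one space continues the
# previous line. Base64 values ("uid:: ...") are skipped, not decoded.
ldif_uids() {
    awk '
        function emit(line) {
            if (line ~ /^[Uu][Ii][Dd]: */ && line !~ /^[Uu][Ii][Dd]::/) {
                sub(/^[^:]*: */, "", line)
                print line
            }
        }
        /^ / { buf = buf substr($0, 2); next }   # unfold continuation line
        { emit(buf); buf = $0 }
        END { emit(buf) }
    ' "$1"
}

# missing_uids EXPECTED LDIF: print names listed in EXPECTED (one per line)
# that have no matching uid in LDIF. An empty LDIF reports every name.
missing_uids() {
    ldif_uids "$2" | awk -v expected="$1" '
        { have[$0] = 1 }
        END { while ((getline u < expected) > 0) if (!(u in have)) print u }
    '
}

# Constructed sample data (not taken from the thread).
sample_ldif() {
    cat <<'EOF'
dn: uid=asmith,ou=People,dc=example,dc=org
uid: asmith
uidNumber: 1001

dn: uid=a-very-long-account-name,ou=People,dc=example,dc=org
uid: a-very-long-
 account-name
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    sample_ldif > "$dir/salvaged.ldif"
    printf '%s\n' asmith bjones a-very-long-account-name > "$dir/expected.txt"
    missing_uids "$dir/expected.txt" "$dir/salvaged.ldif"
    rm -rf "$dir"
}
demo   # prints: bjones
```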

