LDAP Data Integrity Problems

[edward.sexton@vialta-inc.com]

Hello-

This is my first posting to this group, apologies if I have left out any
crucial details.

Our Production environment is running OpenLDAP 2.0.18-Release (Wed Nov 28
13:27:59 EST 2001) on Red Hat 7.2 (Enigma).

The LDAP database (1 master, 1 slave) has been functioning fine for quite a
while and has about 6000 records.  Recently, I've noticed two problems which
are generating big problems for user's trying to authenticate via Radius:

1.	LDAP Records are created, but when Radius attempts to authenticate,
an error of User Not Found is reported.  I can perform an LDAP search from
the Radius host successfully.

2.	Our Registration process failed to create an LDAP account for a
user.  So I attempted to add to add this record, but this fails with User
Already Exists.

Recently Red Hat ISO updates/reboots were performed on the Production
servers, but I am not sure if this relates to the problem. 

For problem #1, I am able to resolve this problem by simply exporting the
record, removing the LDAP record, and importing the data back into
MasterLDAP.  But this is a horrible approach because I must watch the Radius
logs closely and fix any accounts which test out okay (radtest).

For problem #2, I am still unable to add this account.  I have performed
ldapsearch on Master and Slave LDAP servers, and no record is found.  When I
grep for the username or other unique attributes, nothing is found in the
openldap-ldbm dbb files.


I am worried about data integrity, and would like to know if there are any
commands I should issue to attempt to repair inconsistencies?  I seem to
recall there being an ISAM repair, but this may only apply to OpenLDAP 1.x
versions.

Does anyone have any recommendations for me, I am really not sure where to
take this problem.

Thank you very much in advance for any thoughts.


Sincerely-
Ed Sexton
Production Applications Analyst