[Date Prev][Date Next]
LDAP Data Integrity Problems
This is my first posting to this group, apologies if I have left out any
Our Production environment is running OpenLDAP 2.0.18-Release (Wed Nov 28
13:27:59 EST 2001) on Red Hat 7.2 (Enigma).
The LDAP database (1 master, 1 slave) has been functioning fine for quite a
while and has about 6000 records. Recently, I've noticed two problems which
are generating big problems for user's trying to authenticate via Radius:
1. LDAP Records are created, but when Radius attempts to authenticate,
an error of User Not Found is reported. I can perform an LDAP search from
the Radius host successfully.
2. Our Registration process failed to create an LDAP account for a
user. So I attempted to add to add this record, but this fails with User
Recently Red Hat ISO updates/reboots were performed on the Production
servers, but I am not sure if this relates to the problem.
For problem #1, I am able to resolve this problem by simply exporting the
record, removing the LDAP record, and importing the data back into
MasterLDAP. But this is a horrible approach because I must watch the Radius
logs closely and fix any accounts which test out okay (radtest).
For problem #2, I am still unable to add this account. I have performed
ldapsearch on Master and Slave LDAP servers, and no record is found. When I
grep for the username or other unique attributes, nothing is found in the
openldap-ldbm dbb files.
I am worried about data integrity, and would like to know if there are any
commands I should issue to attempt to repair inconsistencies? I seem to
recall there being an ISAM repair, but this may only apply to OpenLDAP 1.x
Does anyone have any recommendations for me, I am really not sure where to
take this problem.
Thank you very much in advance for any thoughts.
Production Applications Analyst