[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Corrupt LDAP DB ...

To: Robert Larson <robert@sixthings.com>
Subject: Re: Corrupt LDAP DB ...
From: Buchan Milne <bgmilne@staff.telkomsa.net>
Date: Thu, 27 Oct 2005 19:09:34 +0200
Cc: OpenLdap-software <openldap-software@OpenLDAP.org>
In-reply-to: <200510271126.11666.robert@sixthings.com>
Organization: Telkom Internet
References: <4360CDAB.2040607@leenx.co.za> <200510271126.11666.robert@sixthings.com>
User-agent: KMail/1.8.2

On Thursday 27 October 2005 18:26, Robert Larson wrote:
> On Thursday 27 October 2005 07:52 am, C.Lee Taylor wrote:
> > Greetings ...
>
> ...
>
> > 	For quite some time, we seem to be getting corrupt LDAP DB.  LDAP just
> > stops working and we can't restarted.  Have done slap slapindex -v -c,
> > but that just hangs.
>
> I have experienced this problem before.  It was an ldap server I had
> running in UML (UserModeLinux) under Gentoo.  The problem was not related
> to openldap at all though.  I believe it was with the UML server.  A crash
> would result in corrupt database files that were inaccessible in the way
> that you describe.

Sure, but Berkeley DB's transaction support allows you to recover the 
database. However, if it is not recovered before slapd starts up (prior to 
2.3), the transactions aren't rolled forward, and you lose some data, and 
maybe even corrupt the database.

>
> > 	So, currently, we restart all the LDAP servers in readonly mode, dump
> > the DB and restart LDAP in normal mode.  If a server falls overs, we
> > rsync a readonly DB over the broke LDAP and start working again.
>
> My hack was to create a cron job that would backup the ldap database
> nightly, then I wrote a small script to rm -r /var/lib/openldap-data,
> slapadd <backup file>, chown ldap -R /var/lib/openldap-data,
> /etc/init.d/slapd start...  This was not a production server, so I could
> get away with not putting effort into it.

Sure, but the hack is not necessary. Either ensure database recovery is run 
whenever it is likely that recover is necessary (some people do it in 
rc.local, or you could do it in the section that runs when slapd is started, 
but not restarted), or upgrade to 2.3 (which will recover the database itself 
when it finds that recovery is required).

A number of distributions ensure this is done for you ...

> My point isn't necessarily that you are not alone, but rather, the issue in
> my case seemed to be resultant of the server itself crashing or causing
> problems, not openldap.

The database can survive the server crash the right steps are in place to 
recover it.

> Perhaps these servers share similar problems 
> external to openldap, and the result is corrupting your databases.

No. A database/directory server should be able to survive a system failure, 
OpenLDAP can.

-- 
Buchan Milne
ISP Systems Specialist
B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)

Attachment: pgp6EV8167Dm1.pgp
Description: PGP signature

References:
- Corrupt LDAP DB ...
  - From: "C.Lee Taylor" <leet@leenx.co.za>
- Re: Corrupt LDAP DB ...
  - From: Robert Larson <robert@sixthings.com>

Prev by Date: Re: Corrupt LDAP DB ...
Next by Date: Re: Corrupt LDAP DB ...
Index(es):
- Chronological
- Thread