https://bugs.openldap.org/show_bug.cgi?id=10173
--- Comment #3 from Quanah Gibson-Mount quanah@openldap.org --- Need to release note this bug with instructions on how to fix an accesslog DB that has the problem.
In general:
a) restart slapd with sync logging enabled. slapd will report the number of minCSN values found in the database. Example:
... accesslog_purge: updating minCSN with 4 values
In an environment where there are only 2 providers, this indicates the issue is present, as there should only be 2 minCSN values.
If affected:
b) stop slapd c) export the accesslog database via slapcat: slapcat ... -b <accesslog dn> -l <file>
Example: slapcat -b cn=accesslog -l al.ldif
NOTE: it may be worth preserving the al.ldif file in its original form in case a mistake is made in the next section, i.e., cp al.ldif al-orig.ldif
d) Edit the al.ldif file
e) In the first entry of the al.ldif file it will have the 4 minCSN values listed. Two of the values should match reqStart values of changes present in the accesslog db. The other two values will be for something not present in the accesslog db. Example:
minCSN: 20240506212840.635998Z#000000#001#000000 minCSN: 20240506210001.869022Z#000000#002#000000 minCSN: 20240423153217.123498Z#000000#001#000000 minCSN: 20240423150001.372841Z#000000#002#000000
The above means that the accesslog DB was initialized on April 23, 2024 and that minCSN value has been incorrectly preserved. The 20240506 minCSN values match up with the oldest current entries in the accesslog DB for the specific serverIDs they are for (SID 001, SID 002).
To fix, we delete the minCSN values for April 23, 2024 from the al.ldif file.
f) After deleting the invalid minCSN values: remove the current accesslog database MDB files.
Example, assuming the accesslog db is stored in /var/lib/ldap/accesslog:
rm -f /var/lib/ldap/accesslog/*.mdb
g) Load the fixed version of the database:
slapadd ... -b <accesslog database root> -l al.ldif
Example:
slapadd -b cn=accesslog -l al.ldif
h: Restart slapd. Log should show only the correct number of minCSN values now:
... accesslog_purge: updating minCSN with 2 values
NOTE: values reported will correspond with the number of actual serverIDs in use.