Full_Name: Norbert MASSA Version: 2.4.40 OS: CentOS 7.1 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (62.240.254.57)
Hi everyone,
I'm struggling to find a root cause on a weird problem which recently happened on one of our servers, let me give you some history :
- server installed beginning of April - openldap 2.4.40 installed via packages - client data loaded into ldap, no problem - server had never been rebooted since
We have a script that (luckily, see why below) makes a backup every night, with 2 different commands : - slapcat > file-slapcat.ldif - ldapsearch -b "dc=our_root" -x -D "cn=admin,dc=our_root" -w password > file-ldapsearch.ldif
So far so good, the application behind was running fine, users were added and authentication was successful.
That's for the background.
Now, 3 days ago during night, there was a planned reboot of the server, and after it came back, it appeared our LDAP server was missing lots and lots of entries that should have been here since months. Even some passwords were "back to their values weeks ago". Weird.
So let's have a look at the backups, that's where the fun stuff begins : it appeared that the ldapsearch backups were always complete whereas the slapcat ones never where ! It looked like slapcat was not seeing any other data than what was added at the beginning.
The final solution was to perform a restore / import of the ldapsearch generated file.
So from a system perspective, it would appear the behavior was something like : - new data was storred in "some kind of memory" - slapcat, as it's reading the files on the drive, would not see it :-( -dadapsearch, as it's using ldap protocol, would see it :-) - after the reboot => everything was lost, slapcat & ldapsearch were seeing the same (incomplete) data.
Is it something possible ? I was unable to find anything related on google, and sadly have no idea how to reproduce
Thanks a lot,
Regards,
Norbert