Quanah Gibson-Mount wrote:
This won't include the operational attributes. And I'd search as the root user, so that you can be sure to have all attributes regardless of ACLs. Right now you are doing an anonymous search.
For example:
ldapsearch -x -h freelancer.lab.zimbra.com -D "cn=config" -W + "*"
Thank you Quanah, you have been invaluable. You are correct, running ldapsearch -x -b 'dc=mdah,dc=state,dc=ms,dc=us' '(objectclass=*)' wouldn't get attributes such as the passwords since it is an anonymous bind. Running ldapsearch -x -h roark.mdah.state.ms.us -D "cn=Manager,dc=mdah,dc=state,dc=ms,dc=us" -W + "*" seems to have gotten everything.
I forgot I also have a slave server named archives3 using syncrepl (and it has all of the missing files). when working on roark, i'll shut down slapd on archvies3 and make a backup of archives3's /var/lib/ldap incase something still goes horribly wrong, maybe i could copy archives3's /var/lib/ldap to roark and start slapd on roark and it would run fine. I will try your method of stopping slapd, deleting /var/lib/ldap/* and restoring slapadd the correctly exported ldif from ldapsearch first, however. Thanks again!