My OpenLDAP installation seems to be running ok, running on Fedora 8 X64 w/ openldap 2.3.43. Users and groups are operating fine from LDAP. However, I'm trying to make a copy of all of the data for backup purposes, and for some reason, I can't run slapcat.
[root@roark ldap]# slapcat -v -l /root/backup.ldif -b "dc=mdah,dc=state,dc=ms,dc=us"
bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/ldap: (2)
Expect poor performance for suffix dc=mdah,dc=state,dc=ms,dc=us.
bdb_db_open: db_open(/var/lib/ldap/id2entry.bdb) failed: No such file or directory (2)
bdb(dc=mdah,dc=state,dc=ms,dc=us): Unknown locker ID: 0
backend_startup_one: bi_db_open failed! (2)
slap_startup failed
So /root/backup.ldif wasn't created. I look in /var/lib/ldap and it contains:
[root@roark ldap]# ls -l /var/lib/ldap/
total 772
-rw-r--r-- 1 root root 2048 2009-01-07 12:02 alock
-rw------- 1 root root 24576 2009-01-06 16:59 __db.001
-rw------- 1 root root 368640 2009-01-06 16:59 __db.002
-rw------- 1 root root 270336 2009-01-06 16:59 __db.003
-rw------- 1 root root 98304 2009-01-06 16:59 __db.004
-rw------- 1 root root 557056 2009-01-06 16:59 __db.005
-rw------- 1 root root 24576 2009-01-06 16:59 __db.006
-rw------- 1 root root 10485760 2009-01-06 16:59 log.0000000001
Where are all the missing files!?!?!?!??!?! I'm scared to even restart slapd because it probably wouldn't start properly. On my server at home with a similar configuration, it has more files in /var/lib/ldap such as cn.dbd, id2entry.bdb, displayName.dbd, dn2id.bdb, gidNumber.bdb, memberUid.bdb, objectClass.bdb, sambaDomainName.bdb, sambaPrimaryGroupSID.bdb, sambaSID.bdb, sn.bdb, uid.bdb, and uidNumber.bdb.
So what can I do to get id2entry.bdb and such back on roark so that I can do a slapcat?
Are you sure your active bdb backend files are kept in /var/lib/ldap? It seems weird that your installation is running OK if those are the only files you've got. What do you have for the 'directory' directive in slapd.conf?
Adam Williams wrote:
My OpenLDAP installation seems to be running ok, running on Fedora 8 X64 w/ openldap 2.3.43. Users and groups are operating fine from LDAP. However, I'm trying to make a copy of all of the data for backup purposes, and for some reason, I can't run slapcat.
[root@roark ldap]# slapcat -v -l /root/backup.ldif -b "dc=mdah,dc=state,dc=ms,dc=us"
bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/ldap: (2)
Expect poor performance for suffix dc=mdah,dc=state,dc=ms,dc=us.
bdb_db_open: db_open(/var/lib/ldap/id2entry.bdb) failed: No such file or directory (2)
bdb(dc=mdah,dc=state,dc=ms,dc=us): Unknown locker ID: 0
backend_startup_one: bi_db_open failed! (2)
slap_startup failed
So /root/backup.ldif wasn't created. I look in /var/lib/ldap and it contains:
[root@roark ldap]# ls -l /var/lib/ldap/
total 772
-rw-r--r-- 1 root root 2048 2009-01-07 12:02 alock
-rw------- 1 root root 24576 2009-01-06 16:59 __db.001
-rw------- 1 root root 368640 2009-01-06 16:59 __db.002
-rw------- 1 root root 270336 2009-01-06 16:59 __db.003
-rw------- 1 root root 98304 2009-01-06 16:59 __db.004
-rw------- 1 root root 557056 2009-01-06 16:59 __db.005
-rw------- 1 root root 24576 2009-01-06 16:59 __db.006
-rw------- 1 root root 10485760 2009-01-06 16:59 log.0000000001
Where are all the missing files!?!?!?!??!?! I'm scared to even restart slapd because it probably wouldn't start properly. On my server at home with a similar configuration, it has more files in /var/lib/ldap such as cn.dbd, id2entry.bdb, displayName.dbd, dn2id.bdb, gidNumber.bdb, memberUid.bdb, objectClass.bdb, sambaDomainName.bdb, sambaPrimaryGroupSID.bdb, sambaSID.bdb, sn.bdb, uid.bdb, and uidNumber.bdb.
So what can I do to get id2entry.bdb and such back on roark so that I can do a slapcat?
--On Wednesday, January 07, 2009 12:08 PM -0600 Adam Williams awilliam@mdah.state.ms.us wrote:
Where are all the missing files!?!?!?!??!?! I'm scared to even restart slapd because it probably wouldn't start properly. On my server at home with a similar configuration, it has more files in /var/lib/ldap such as cn.dbd, id2entry.bdb, displayName.dbd, dn2id.bdb, gidNumber.bdb, memberUid.bdb, objectClass.bdb, sambaDomainName.bdb, sambaPrimaryGroupSID.bdb, sambaSID.bdb, sn.bdb, uid.bdb, and uidNumber.bdb. So what can I do to get id2entry.bdb and such back on roark so that I can do a slapcat?
What is the directory set to in slapd.conf? Perhaps the database isn't located in /var/lib/ldap?
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
--On Wednesday, January 07, 2009 12:36 PM -0600 Adam Williams awilliam@mdah.state.ms.us wrote:
Quanah Gibson-Mount wrote:
What is the directory set to in slapd.conf? Perhaps the database isn't located in /var/lib/ldap?
[root@roark ldap]# cat /etc/openldap/slapd.conf |grep directory
directory /var/lib/ldap
And are you sure that's the slapd.conf used by your running process? I don't see how slapd could be running with valid data with all the database files missing. If they were somehow rm -f'd, I'd use ldapsearch with both regular & operational attrs to get a dump before it loses any more data.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
Quanah Gibson-Mount wrote:
And are you sure that's the slapd.conf used by your running process? I don't see how slapd could be running with valid data with all the database files missing. If they were somehow rm -f'd, I'd use ldapsearch with both regular & operational attrs to get a dump before it loses any more data.
--Quanah
That is the only slapd.conf on my system and I'm using the Fedora provided RPMs for openldap so it has to be loading it. Also, updatedb && locate id2index.dbd returns no results.
Ahh thanks, totally forgot about that. I ran ldapsearch -x -b 'dc=mdah,dc=state,dc=ms,dc=us' '(objectclass=*)' > /root/backup-ldapsearch.ldif
I think that got everything from looking at /root/backup-ldapsearch.ldif. Do you think I need to run anything else to get any other information from the directory? So what do you think I should do now? Stop slapd, run slapindex, and see if it regenerates the files? And if that fails, delete /var/lib/ldap/*, start slapd, and ldapadd -D "cn=Manager,dc=mdah,dc=state,dc=ms,dc=us" -w xxxxxxxxxxxxx -x -v -f root/backup-ldapsearch.ldif and keep my fingers crossed?
--On Wednesday, January 07, 2009 1:01 PM -0600 Adam Williams awilliam@mdah.state.ms.us wrote:
Quanah Gibson-Mount wrote:
And are you sure that's the slapd.conf used by your running process? I don't see how slapd could be running with valid data with all the database files missing. If they were somehow rm -f'd, I'd use ldapsearch with both regular & operational attrs to get a dump before it loses any more data.
--Quanah
That is the only slapd.conf on my system and I'm using the Fedora provided RPMs for openldap so it has to be loading it. Also, updatedb && locate id2index.dbd returns no results.
Ahh thanks, totally forgot about that. I ran ldapsearch -x -b 'dc=mdah,dc=state,dc=ms,dc=us' '(objectclass=*)' > /root/backup-ldapsearch.ldif
This won't include the operational attributes. And I'd search as the root user, so that you can be sure to have all attributes regardless of ACLs. Right now you are doing an anonymous search.
For example:
ldapsearch -x -h freelancer.lab.zimbra.com -D "cn=config" -W + "*"
I think that got everything from looking at /root/backup-ldapsearch.ldif. Do you think I need to run anything else to get any other information from the directory? So what do you think I should do now? Stop slapd, run slapindex, and see if it regenerates the files? And if that fails, delete /var/lib/ldap/*, start slapd, and ldapadd -D "cn=Manager,dc=mdah,dc=state,dc=ms,dc=us" -w xxxxxxxxxxxxx -x -v -f root/backup-ldapsearch.ldif and keep my fingers crossed?
I doubt slapindex will do anything. You'll need to stop slapd, and slapadd the correctly exported ldif from ldapsearch, as I outline above.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
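The point made in the reply above (an anonymous search without + returns no operational attributes and nothing that ACLs hide, such as passwords) can be checked on the exported file before the database directory is replaced. This is an added example, not part of the original thread: the dc=example,dc=com entry is constructed, and flagging a posixAccount entry that has no userPassword is an assumption about what a complete export should contain.

```python
import base64

# Operational attributes slapd maintains on every entry; an export made
# without requesting "+" will not contain them.
REQUIRED_OPERATIONAL = ("entryuuid", "entrycsn", "createtimestamp")

def parse_ldif(text):
    """Return one {lowercased attr: [values]} dict per LDIF record with a dn."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:               # trailing "" flushes the last record
        if line.startswith("#"):
            continue
        if not line.strip():
            if "dn" in current:              # drops ldapsearch "search:/result:" trailers
                entries.append(current)
            current = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):            # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current.setdefault(attr.strip().lower(), []).append(value)
    return entries

def audit_export(text):
    """List DNs whose record looks like an anonymous or '+'-less export."""
    report = {"entries": 0, "missing_operational": [], "missing_password": []}
    for entry in parse_ldif(text):
        dn = entry["dn"][0]
        report["entries"] += 1
        if any(attr not in entry for attr in REQUIRED_OPERATIONAL):
            report["missing_operational"].append(dn)
        classes = {c.lower() for c in entry.get("objectclass", [])}
        # Assumption: account entries are expected to carry userPassword.
        if "posixaccount" in classes and "userpassword" not in entry:
            report["missing_password"].append(dn)
    return report

# Constructed samples: anonymous export, then the same entry as a rootdn '+' '*' export.
ANON = "dn: uid=jdoe,ou=People,\n dc=example,dc=com\nobjectClass: posixAccount\nuid: jdoe\n"
FULL = ANON + ("userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=\n"
               "entryUUID: 11111111-2222-3333-4444-555555555555\n"
               "entryCSN: 20090107180000Z#000000#00#000000\n"
               "createTimestamp: 20090107180000Z\n")
```

An export is only worth restoring from when both lists in the report are empty, or every DN left in them has been reviewed and explained.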
Quanah Gibson-Mount wrote:
This won't include the operational attributes. And I'd search as the root user, so that you can be sure to have all attributes regardless of ACLs. Right now you are doing an anonymous search.
For example:
ldapsearch -x -h freelancer.lab.zimbra.com -D "cn=config" -W + "*"
Thank you Quanah, you have been invaluable. You are correct, running ldapsearch -x -b 'dc=mdah,dc=state,dc=ms,dc=us' '(objectclass=*)' wouldn't get attributes such as the passwords since it is an anonymous bind. Running ldapsearch -x -h roark.mdah.state.ms.us -D "cn=Manager,dc=mdah,dc=state,dc=ms,dc=us" -W + "*" seems to have gotten everything.
I forgot I also have a slave server named archives3 using syncrepl (and it has all of the missing files). When working on roark, I'll shut down slapd on archives3 and make a backup of archives3's /var/lib/ldap in case something still goes horribly wrong, maybe I could copy archives3's /var/lib/ldap to roark and start slapd on roark and it would run fine. I will try your method of stopping slapd, deleting /var/lib/ldap/* and restoring slapadd the correctly exported ldif from ldapsearch first, however. Thanks again!
Do you think running slapindex -c -f /etc/openldap/slapd.conf -b -b "dc=mdah,dc=state,dc=ms,dc=us" would rebuild everything in /var/lib/ldap? My biggest concern is that I have to stop slapd to run it, and with the files missing, what happens if slapindex doesn't help, and then slapd won't start? Then I have a hosed system, and it's a live system for 150 users.
--On Wednesday, January 07, 2009 12:49 PM -0600 Adam Williams awilliam@mdah.state.ms.us wrote:
Do you think running slapindex -c -f /etc/openldap/slapd.conf -b -b "dc=mdah,dc=state,dc=ms,dc=us" would rebuild everything in /var/lib/ldap? My biggest concern is that I have to stop slapd to run it, and with the files missing, what happens if slapindex doesn't help, and then slapd won't start? Then I have a hosed system, and it's a live system for 150 users.
See my most recent reply about using ldapsearch to get a database dump instead of slapcat.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration