recover ldap database without log files
A colleague of mine accidentally deleted ldap transaction log files (from /var/lib/ldap) on our ldap 2.4 server running on centos. Now the slapd deamon won't start, when running it with debug flag here'e what is says:
file id2entry.bdb has LSN 754/2932421, past end of log at 1/660
sept. 11 12:40:14 centos7.ent.univ slapd[4917]: bdb(dc=uit,dc=ac,dc=ma): BDB2507 Commonly caused by moving a database from one database environment
sept. 11 12:40:14 centos7.ent.univ slapd[4917]: bdb(dc=uit,dc=ac,dc=ma): BDB2508 to another without clearing the database LSNs, or by removing all of
sept. 11 12:40:14 centos7.ent.univ slapd[4917]: bdb(dc=uit,dc=ac,dc=ma): BDB2509 the log files from a database environment
I attempted running the db_recover utility, it says recovery was successfull, but slapd won't start yet, same error.
Knowing for sure that the deletion of the log files is the culprit, and not having any backup files, is there any way to recover the database without the log files ?
Solution 1:
After several hours of trial an failure, here's what did it:
- Backup /var/lib/ldap and /etc/openldap
tar -czf ldap.bak.gzip /var/lib/ldap /etc/openldap
- Create a dump of the bdb files in /var/lib/ldap
db_dump -f file.dump file.bdb
- delete the bdb files then build them again using db_load (note down all the files if you delete them at once, or do it one by one)
rm -f file.bdb
db_load -f file.dump file.bdb
If you run into an error when running db_dump, run:
db_recover -h /var/lib/ldap
once you've built all the bdb files from dump files, make sure they're owned by the right user:
chown ldap:ldap /var/lib/ldap/*
Try to start the ldap deamon:
service slapd start
You might try to run another db_recover if it still won't start, but if all the bdb files were rebuilt successfully and have the right permissions, the deamon should start. At this point backup all your data to an ldif file:
slapcat > ldap.bak.ldif
Using an LDAP client, try manipulating data (add, edit, delete operations) if all is OK then good for you, if not, reinstall your LDAP server and restore the data using the ldif backup you made.
Solution 2:
@Assil, I saved a lot of time thanks to you
My simple additions:
- Dump all bdb files
mkdir /tmp/slapd-dump
cd /var/lib/ldap
find -type f -name "*.bdb" -exec db_dump -f /tmp/slapd-dump/{} {} \
- Restore from dump
cd /tmp/slapd-dump
find -type f -name "*.bdb" -exec db_load -f {} /var/lib/ldap/{} \;
cd /var/lib/ldap
- Refresh log files
rm -rf log.*
db_recover
- Manual start slapd
sudo -u ldap slapd
-
Kill slapd
-
Start slapd as service
For normal clean old log files do:
db_archive -d -h /var/lib/ldap/