While copying some LDAP databases to another environment I faced several issues. Here I'll leave a list of useful things to do/check every time we need to perform this kind of task.
Because I'm working with LDAP 2.4 you'll notice that I'm using the new «DIT» format (cn=config) instead of the deprecated «.conf» files; you can learn a lot about the basics just by reading this article on Digital Ocean.
- Stop slapd on the source (and on the target, if it is already running) before copying anything: BDB/HDB files copied from a running server are not guaranteed to be consistent.
- Copy the whole configuration into the new server (usually /etc/openldap, including the cn=config tree under slapd.d).
- Copy all the LDAP data into the new server: databases, transaction logs, etc. (usually /var/lib/ldap). Raw BDB files are only safe to copy between hosts running the same Berkeley DB version and architecture; if they differ, export with slapcat on the old host and import with slapadd on the new one instead of copying the files.
# Once the files are in place on the new server, give ownership to the user that is going to run the service
# (uid/gid numbers usually differ between hosts, so do this even if the copy preserved ownership):
$> sudo chown -R ldap: /var/lib/ldap
$> sudo chmod g+rw /var/lib/ldap
# depending on your system verify which permissions you need in /etc/openldap
# Perform a db recover with slapd stopped. Run it as the ldap user: db_recover creates the __db.* environment
# files, and if they end up owned by root slapd will not be able to join the environment later.
$> sudo -u ldap db_recover -c -v -f -h /var/lib/ldap
# Start the server in the foreground with debug output and fix every error it reports before enabling the service
$> /usr/sbin/slapd -u ldap -h "ldapi:/// ldap:///" -4 -d 2
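The steps above gathered into one checklist script. This is an added example written for this page, not the commands from the original post. It assumes slapd runs as user ldap under systemd, that you are root on both hosts with the source reachable over ssh and rsync installed on both ends, and that both hosts use /etc/openldap and /var/lib/ldap (the variables at the top are there to change that). The function names are mine; the two pre-flight checks, fs_usage_pct and foreign_files, catch the two failures the rest of the page runs into: a full filesystem and environment files owned by the wrong user.

```shell
#!/bin/sh
# Migration checklist for an OpenLDAP 2.4 (cn=config, BDB/HDB) instance.
# Added example, not the original post's commands. Assumes: root on both
# hosts, rsync over ssh, slapd runs as $LDAP_USER under systemd, and the
# same directory layout on both hosts.
set -eu

LDAP_USER=${LDAP_USER:-ldap}
CONF_DIR=${CONF_DIR:-/etc/openldap}
DATA_DIR=${DATA_DIR:-/var/lib/ldap}

# Percentage of the filesystem holding PATH that is in use (parsed from df -P).
fs_usage_pct() {
  df -P "$1" | awk 'NR == 2 { sub("%", "", $5); print $5 }'
}

# Files under DIR not owned by USER. slapd cannot join a BDB environment whose
# __db.* files were created by somebody else (e.g. db_recover run as root).
foreign_files() {
  find "$1" ! -user "$2"
}

# 1. Stop slapd on BOTH hosts: BDB files copied while slapd writes to them
#    are not guaranteed to be consistent.
stop_slapd() {
  systemctl stop slapd
  ssh "$1" systemctl stop slapd
}

# 2/3. Copy configuration and data, preserving modes. --delete drops stale
#      __db.* / log.* files left by an earlier attempt on this host.
copy_tree() {
  rsync -a --delete "$1:$CONF_DIR/" "$CONF_DIR/"
  rsync -a --delete "$1:$DATA_DIR/" "$DATA_DIR/"
}

# 4. uid/gid numbers differ between hosts, so re-own the data here.
fix_owner() {
  chown -R "$LDAP_USER:" "$DATA_DIR"
  chmod 0700 "$DATA_DIR"
}

# 5. Catastrophic recovery, run AS the ldap user (-s because that account
#    normally has a nologin shell) so the environment files it creates are
#    owned by the user slapd will run as.
recover_env() {
  su -s /bin/sh "$LDAP_USER" -c "db_recover -c -v -h '$DATA_DIR'"
}

# 6. Pre-flight: space, ownership, and a config/database open as the ldap
#    user (running slaptest as root would re-create root-owned __db.* files).
preflight() {
  pct=$(fs_usage_pct "$DATA_DIR")
  [ "$pct" -lt 90 ] || { echo "filesystem holding $DATA_DIR is ${pct}% full" >&2; return 1; }
  bad=$(foreign_files "$DATA_DIR" "$LDAP_USER")
  [ -z "$bad" ] || { printf 'not owned by %s:\n%s\n' "$LDAP_USER" "$bad" >&2; return 1; }
  su -s /bin/sh "$LDAP_USER" -c "slaptest -F '$CONF_DIR/slapd.d'"
}

# 7. First start in the foreground with debug output; Ctrl-C, fix, repeat
#    until it comes up clean, then enable the unit.
start_debug() {
  /usr/sbin/slapd -u "$LDAP_USER" -F "$CONF_DIR/slapd.d" -h "ldapi:/// ldap:///" -4 -d 2
}

main() {
  stop_slapd "$1"
  copy_tree "$1"
  fix_owner
  recover_env
  preflight && start_debug
}

# Usage: sh migrate_ldap.sh --from root@old-ldap-host
if [ "${1:-}" = "--from" ] && [ -n "${2:-}" ]; then
  main "$2"
fi
```

The ownership check is deliberately run after db_recover and before slapd: anything in the data directory not owned by the service user at that point will be the thing slapd complains about.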
Errors while configuring
bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found
Start OpenLDAP with a higher debugging level:
$> /usr/sbin/slapd -u ldap -h "ldapi:/// ldap:///" -4 -d 3
I saw these lines in the output (this is how I knew that I needed to add the «people» schema):
5aaa82a3 bdb_dn2entry("ou=people,c=arg,o=company")
5aaa82a3 => bdb_dn2id("o=company")
5aaa82a3 => bdb_dn2id("ou=people,c=arg,o=company")
5aaa82a3 <= bdb_dn2id:get failed: BDB0073 DB_NOTFOUND: No matching key/data pair found (-30988)
5aaa82a3 => ldap_read: want=8 error=Resource temporarily unavailable
DB_NOTFOUND from bdb_dn2id means the entry named in the lookup, or one of its parents, does not exist in the database, so what is usually missing is not a schema but the container entries (organization, country, organizationalUnit, ...) the rest of the tree hangs off. Bind as the database's rootdn (olcRootDN in cn=config) when adding them so the operation is not subject to the ACLs. In my case, after deleting everything from /var/lib/ldap to have a fresh start, I needed to add this (for example):
ldapadd -x -h localhost -D "dc=admin,o=company" -W -f first_items.ldif
This is the content of first_items.ldif
dn: o=company
o: COMPANY
objectClass: organization
objectClass: top

# lolo, company
dn: c=lolo,o=company
c: lolo
objectClass: country
objectClass: top

# Group, lolo, company
dn: ou=Group,c=lolo,o=company
objectClass: top
objectClass: organizationalUnit
ou: Group

# people, lolo, company
dn: ou=people,c=lolo,o=company
objectClass: top
objectClass: organizationalUnit
ou: people
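A helper that gets from the debug trace to the LDIF, as an added example that is not part of the original post. failed_dn_from_log pulls out of slapd -d output the DN of the bdb_dn2id lookup that hit DB_NOTFOUND, and missing_tree_ldif emits the container entries from the database suffix down to that DN, parents first, so that ldapadd -c adds whichever of them are missing and reports, but skips past, the ones that already exist. Function names are mine; it assumes DNs without escaped commas, that the suffix you pass matches olcSuffix, and that each RDN attribute on the path has a known objectClass mapping (o, ou, c, l, dc). The sample trace embedded as a constant is the one shown above.

```shell
#!/bin/sh
# Rebuild the container entries a slapd debug trace reports as missing.
# Added example for this page (not the original post's code). Assumptions:
# DNs contain no escaped commas, and SUFFIX is the database's olcSuffix.
set -eu

# Constructed sample: the trace from the post, one line per debug message.
SAMPLE_LOG='5aaa82a3 bdb_dn2entry("ou=people,c=arg,o=company")
5aaa82a3 => bdb_dn2id("o=company")
5aaa82a3 => bdb_dn2id("ou=people,c=arg,o=company")
5aaa82a3 <= bdb_dn2id:get failed: BDB0073 DB_NOTFOUND: No matching key/data pair found (-30988)
5aaa82a3 => ldap_read: want=8 error=Resource temporarily unavailable'

# Read slapd -d output on stdin; print the DN of each bdb_dn2id lookup that
# is followed by a "get failed" message. Works whether the trace is one
# message per line or several messages run together on one line.
failed_dn_from_log() {
  awk '
    {
      s = $0
      while (match(s, /=> bdb_dn2id\("[^"]*"\)/)) {
        last = substr(s, RSTART + 14, RLENGTH - 16)   # strip the surrounding => bdb_dn2id(" ... ")
        s = substr(s, RSTART + RLENGTH)
      }
      if ($0 ~ /bdb_dn2id: *get failed/ && last != "") { print last; last = "" }
    }'
}

# objectClass(es) required by the naming attribute of an RDN.
rdn_classes() {
  case "$1" in
    o)  echo organization ;;
    ou) echo organizationalUnit ;;
    c)  echo country ;;
    l)  echo locality ;;
    dc) echo "dcObject organization" ;;   # dcObject is auxiliary; pair it with organization
    *)  return 1 ;;
  esac
}

# LDIF for one entry, derived from the first RDN of its DN.
entry_ldif() {
  full=$1
  rdn=${full%%,*}
  attr=$(printf '%s' "${rdn%%=*}" | tr 'A-Z' 'a-z')
  val=${rdn#*=}
  classes=$(rdn_classes "$attr") || { echo "no objectClass mapping for '$attr'" >&2; return 1; }
  printf 'dn: %s\nobjectClass: top\n' "$full"
  for c in $classes; do printf 'objectClass: %s\n' "$c"; done
  printf '%s: %s\n' "$attr" "$val"
  if [ "$attr" = dc ]; then printf 'o: %s\n' "$val"; fi   # organization requires an o attribute
  printf '\n'
}

# LDIF for SUFFIX and every container on the path down to DN, parents first.
missing_tree_ldif() {
  dn=$1 suffix=$2
  case "$dn" in
    "$suffix")   rest= ;;
    *",$suffix") rest=${dn%",$suffix"} ;;
    *) echo "dn '$dn' is not under suffix '$suffix'" >&2; return 1 ;;
  esac
  cur=$suffix
  entry_ldif "$cur"
  [ -n "$rest" ] || return 0
  # RDNs below the suffix are leaf-first in the DN; reverse them to walk downward.
  rdns=$(printf '%s\n' "$rest" | tr ',' '\n' | sed 's/^ *//' \
         | awk 'NF { a[++n] = $0 } END { for (i = n; i > 0; i--) print a[i] }')
  while IFS= read -r rdn; do
    cur="$rdn,$cur"
    entry_ldif "$cur"
  done <<EOF
$rdns
EOF
}

# Take the failed DN(s) from a saved debug log and add the missing entries.
# ldapadd -c keeps going after "Already exists", so only the gaps get filled.
add_missing_tree() {
  log=$1 suffix=$2 binddn=$3
  failed_dn_from_log < "$log" | sort -u | while IFS= read -r dn; do
    missing_tree_ldif "$dn" "$suffix"
  done | ldapadd -x -H ldapi:/// -D "$binddn" -W -c
}

# Usage: sh fix_tree.sh slapd-debug.log o=company "cn=admin,o=company"
# With no arguments it prints the LDIF derived from the sample trace.
if [ "$#" -eq 3 ]; then
  add_missing_tree "$1" "$2" "$3"
elif [ "$#" -eq 0 ]; then
  printf '%s\n' "$SAMPLE_LOG" | failed_dn_from_log \
    | while IFS= read -r dn; do missing_tree_ldif "$dn" o=company; done
fi
```

For the sample trace this yields the o=company, c=arg,o=company and ou=people,c=arg,o=company entries in that order, which is the same shape as the first_items.ldif above minus the hand-written values; review the generated objectClass choices before loading anything into a production directory.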
Errors after running the service
BDB1546 unable to join the environment
This happened because a log filled my / to 100%; after freeing some space the LDAP service worked fine.
The same message is also what you get when the __db.* environment files in /var/lib/ldap are owned by a different user than the one slapd runs as (for example after running db_recover or slapcat as root): check disk space first, then ownership of the database directory.