OpenLDAP check database


I'm now using an OpenLDAP server (slapd) to manage my authentication/authorization mechanism. I have an issue:

Sometimes the slapd process doesn't restart because of an error in the database (about some entry) or a configuration error.

Currently, to check the configuration I use the slaptest -F /etc/ldap/slapd.d/ command line, but how do I check for corruption errors in the database?

I have a daily dump of my data in LDIF, but I would like to be sure that this dump is error-free.

Thanks

Details:

OS: Ubuntu 14.04
kernel: 3.13.0-43generic
slapd version: 2.4.31

My script:

dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=example,dc=com" write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by dn="cn=admin,dc=example,dc=com" write by * read
olcAccess: {3}to dn.subtree="dc=th,dc=company,dc=com" by set="[cn=app_all,ou=Groups,dc=th,dc=company,dc=com]/member*" write by * read

Best Answer

I would assume that if the dump finishes without an error, you can assume it to be correct. To be extra sure, you could configure a separate database inside OpenLDAP and import the dump back into this db.

Besides that, having random data or config errors is not normal; this should never happen. You need to investigate this and fix the problem causing it.
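
A structural pre-check for the daily dump discussed above, as an added example that is not part of the original question or answer. It assumes a slapcat-style LDIF file with the suffix entry first; `check_ldif`, `entries` and `SAMPLE_LDIF` are illustrative names. It flags malformed lines, undecodable base64, duplicate DNs and children listed before their parents, and does not validate against the schema, which still needs the re-import the answer describes.

```python
import base64
import re

# Constructed sample (not from the page): entry 2 has a truncated base64
# value, and its parent ou=People entry is missing from the dump.
SAMPLE_LDIF = """\
dn: dc=example,dc=com
o: Example

dn: uid=alice,ou=People,dc=example,dc=com
description:: bm90IGJhc2U2NCE
"""
ATTR = re.compile(r"^([A-Za-z][A-Za-z0-9;.-]*)(::?)\s*(.*)$")

def entries(text):
    """Unfold continuation lines, drop comments, return one line list per entry."""
    text = re.sub(r"(?<!\n)\n ", "", text.replace("\r\n", "\n"))  # unfold
    text = re.sub(r"(?m)^#.*\n?", "", text)                       # comments
    return [b.split("\n") for b in re.split(r"\n{2,}", text.strip()) if b]

def check_ldif(text):
    """Return (entry_number, message) for every structural problem found."""
    problems, seen = [], set()
    for n, entry in enumerate(entries(text), 1):
        dn = None
        for i, item in enumerate(entry):
            m = ATTR.match(item)
            if not m:
                problems.append((n, "malformed line: " + item))
                continue
            name, sep, value = m.groups()
            if sep == "::":  # "attr:: value" is base64 and must decode cleanly
                try:
                    value = base64.b64decode(value, validate=True).decode("utf-8", "replace")
                except ValueError:
                    problems.append((n, "bad base64 in " + name))
                    continue
            if i == 0 and name.lower() == "dn":  # simplified DN normalisation
                dn = [p.strip().lower() for p in re.split(r"(?<!\\),", value)]
        if dn is None:
            problems.append((n, "entry does not start with a dn"))
            continue
        full, parent = ",".join(dn), ",".join(dn[1:])
        if full in seen:
            problems.append((n, "duplicate dn: " + full))
        elif seen and parent not in seen:  # first entry is taken as the suffix
            problems.append((n, "parent not seen earlier: " + parent))
        seen.add(full)
    return problems
```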
