The reasons can vary from an emergency restore of user accounts, to changing system architecture. In this Administrator’s PowerTip we will discuss how to export(dump) LDAP data to disk, and re import it.
Administrator’s PowerTip #2: May 24, 2007
Zimbra Forums - Zimbra wiki -
Introduction:
LDAP stands for Lightweight Directory Access Protocol.
Zimbra’s LDAP contains: global configuration, user authentication, Server, Domain, and Class of Service information.
Additionally, information relating to: External LDAP Authentication and External GAL
Most of this data can be viewed and configured via the Admin Console or with the zmprov command from the shell. LDAP does not contain mail messages.
There are various reasons an administrator may want to export, or dump, the Zimbra LDAP data to disk. For example, if you are switching architectures from x86 to x64, you must dump the LDAP data to disk.
For Network Edition users, a comparable procedure is performed when a global backup is performed.
It should be noted that this procedure should NOT be used for upgrades. For example, if you are running ZCS version 4.0, and want to dump the data, you must then use ZCS version 4.0 tools to re import it. Cross version imports and exports should not be used.
Dumping LDAP Data to Disk :
Exporting the data will place all of your LDAP Data into a single, movable .LDIF file.
| su - zimbra openldap/sbin/slapcat -f /opt/zimbra/conf/slapd.conf -l /tmp/ldap.ldif |
Removing Current LDAP Data :
WARNING: DO NOT perform this on a production system. This procedure will wipe all usernames and passwords!
In order to import the LDAP data that we have exported, you will need to remove the current ldap data on the system.
| su - zimbra zmcontrol stop ps auxx | grep slapd (If ldap is still running, kill it) rm -f openldap-data/* |
Importing LDAP Data :
| su - zimbra openldap/slapadd -f /opt/zimbra/conf/slapd.conf -l /tmp/ldap.ldif |
Verify It’s Working :
| openldap/slapcat -f /opt/zimbra/conf/slapd.conf
or zmprov gaa |
More Information :
Zimbra’s LDAP Wiki Page: http://wiki.zimbra.com/index.php?title=LDAP
Introduction To LDAP: http://www.ldapman.org/articles/intro_to_ldap.html
Special Thanks to Carlos from the Zimbra Forums!
Tree Picture Credit: Guerito from Flickr - http://flickr.com/photos/guerito/6782040/
on July 4th, 2007 at 3:33 am
Can this tip be used to recover from a corrupt LDAP database? We are seeing these errors in our Zimbra log and I was wondering if dump, delete and re-import would fix the problem.
Jun 30 13:47:58 black slapd[2699]: is_entry_objectclass(”", “2.5.6.1″) no objectClass attribute
Jun 30 13:47:58 black slapd[2699]: bdb(): DB_ENV->log_flush: LSN of 1/1503308 past current end-of-log of 1/516427
Jun 30 13:47:58 black slapd[2699]: bdb(): Database environment corrupt; the wrong log files may have been removed or incompatible database
files imported from another environment
Jun 30 13:47:58 black slapd[2699]: bdb(): DB_ENV->log_flush: LSN of 1/3245384 past current end-of-log of 1/516427
Jun 30 13:47:58 black slapd[2699]: bdb(): Database environment corrupt; the wrong log files may have been removed or incompatible database
files imported from another environment
Jun 30 13:47:58 black slapd[2699]: bdb(): DB_ENV->log_flush: LSN of 1/1067196 past current end-of-log of 1/516427
Jun 30 13:47:58 black slapd[2699]: bdb(): Database environment corrupt; the wrong log files may have been removed or incompatible database
files imported from another environment