Sun Java Directory Server 6.2 corruption and recovery...
This has not been classified as a Sun Directory Server error; rather, it led to a method of recovery that I would like to share.
I was working on a pair of Sun Directory Servers (version 6.2) recently, with a custom plugin. The servers would only start with a very peculiar error logged every second in the error log (anyone know what this means?):
[18/Jan/2008:18:49:15 +0000] - INFORMATION - conn=-1 op=-1 msgId=-1 - allow_operation: component identity is NULL
When a day of researching the error proved futile, we decided to rebuild from scratch. Fortunately the data appeared intact, though there were replication errors galore! Secondly, the partner master server logged the same error every second, so that server also needed to be rebuilt.
I followed the following steps. Note that this was a pair of Sun Directory Servers (version 6.2) with only a few thousand objects (development and QA environment). The steps below may not be optimal for many replicated servers containing hundreds of thousands or millions of users.
Export the old instance to LDIF
Create a new instance
Copy the certificates and schema from the old instance to the new
Import the LDIF file
Enable replication
Assumptions
Sun Java Directory Server 6.2
Solaris 10
PKG version of Directory Server (location of commands differs for the ZIP version)
The hostname & IP address of the new and faulty Directory instances are the same
Two servers in MMR (multi-master replication)
Custom schema in 99user.ldif
Perform the following:
First Solaris host
1. Shutdown the faulty Directory Server
/opt/SUNWdsee/ds6/bin/dsadm stop /var/opt/SUNWdsee/dsins1
2. Export the data without replication information
/opt/SUNWdsee/ds6/bin/dsadm export -Q /var/opt/SUNWdsee/dsins1 dc=company,dc=com /export/home/CleanExport.ldif
3. Create a new instance on port 389 since the faulty instance is not running
/opt/SUNWdsee/ds6/bin/dsadm create /var/opt/SUNWdsee/dsins2
4. Copy custom schema from the faulty directory server to the new instance
(a) backup the new 99user.ldif
cp /var/opt/SUNWdsee/dsins2/config/schema/99user.ldif /var/opt/SUNWdsee/dsins2/config/schema/99user.ldif.BACKUP
(b) copy the schema
cp /var/opt/SUNWdsee/dsins1/config/schema/99user.ldif /var/opt/SUNWdsee/dsins2/config/schema/
5. Start the new instance
/opt/SUNWdsee/ds6/bin/dsadm start /var/opt/SUNWdsee/dsins2
6. Create the suffix
/opt/SUNWdsee/ds6/bin/dsconf create-suffix dc=company,dc=com
7. Import the data into the new instance
/opt/SUNWdsee/ds6/bin/dsadm import /var/opt/SUNWdsee/dsins2 /export/home/CleanExport.ldif dc=company,dc=com
8. Enable replication on the new instance
/opt/SUNWdsee/ds6/bin/dsconf enable-repl /var/opt/SUNWdsee/dsins2 -d 40404 master dc=company,dc=com
Second Solaris host
1. Shutdown the faulty Directory Server
/opt/SUNWdsee/ds6/bin/dsadm stop /var/opt/SUNWdsee/dsins1
2. Create a new instance on port 389 since the faulty instance is not running
/opt/SUNWdsee/ds6/bin/dsadm create /var/opt/SUNWdsee/dsins2
3. Copy custom schema from the faulty directory server to the new instance
(a) backup the new 99user.ldif
cp /var/opt/SUNWdsee/dsins2/config/schema/99user.ldif /var/opt/SUNWdsee/dsins2/config/schema/99user.ldif.BACKUP
(b) copy the schema
cp /var/opt/SUNWdsee/dsins1/config/schema/99user.ldif /var/opt/SUNWdsee/dsins2/config/schema/
4. Create the suffix
/opt/SUNWdsee/ds6/bin/dsconf create-suffix dc=company,dc=com
5. Start the new instance
/opt/SUNWdsee/ds6/bin/dsadm start /var/opt/SUNWdsee/dsins2
6. Enable replication on the new instance
/opt/SUNWdsee/ds6/bin/dsconf enable-repl /var/opt/SUNWdsee/dsins2 -d 50505 master dc=company,dc=com
First Solaris host
1. Create replication agreement from host 1 to host 2
/opt/SUNWdsee/ds6/bin/dsconf create-repl-agmt dc=company,dc=com secondhost:389
2. Initialize the second Directory Server with data from the first Directory Server
/opt/SUNWdsee/ds6/bin/dsconf init-repl-dest dc=company,dc=com secondhost:389
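Between the export (step 2 on the first host) and the import (step 7), it is worth checking that the LDIF file really is complete and free of replication state. The script below is an added example, not part of the original post or of the Directory Server tooling; the function names, the sample files and the replication markers it greps for (nsds50ruv, CSN attribute options) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): checks on an exported LDIF before import.
# Join LDIF continuation lines (a leading single space continues the previous line).
unfold_ldif() {
    awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
         NR > 1 { print buf }
         { buf = $0 }
         END { if (NR) print buf }' "$1"
}

# Number of entries: one "dn:" line per entry once lines are unfolded.
count_entries() {
    unfold_ldif "$1" | grep -ci '^dn:'
}

# Lines carrying replication state. The markers (nsds50ruv, CSN attribute options
# such as ";vucsn-") are assumptions about what that metadata looks like.
count_repl_lines() {
    unfold_ldif "$1" | grep -ciE '^nsds50ruv|^[^:]*;[a-z]+csn-'
}

# True if the suffix entry itself is in the file (base64 "dn::" values are not decoded).
has_suffix_entry() {
    unfold_ldif "$1" | tr 'A-Z' 'a-z' | sed 's/^dn: */dn:/' |
        grep -qxF "dn:$(printf '%s' "$2" | tr 'A-Z' 'a-z')"
}

# Usage: check_export FILE SUFFIX_DN; prints "ok" or the first failed check.
check_export() {
    [ "$(count_entries "$1")" -gt 0 ] || { echo "no entries"; return 1; }
    has_suffix_entry "$1" "$2" || { echo "suffix entry missing"; return 1; }
    [ "$(count_repl_lines "$1")" -eq 0 ] || { echo "replication metadata present"; return 1; }
    echo "ok"
}

# Constructed sample files (not real exports): one clean, one with a RUV entry appended.
TMP=$(mktemp -d)
cat > "$TMP/clean.ldif" <<'EOF'
dn: dc=company,dc=com
objectClass: domain
dc: company

dn: ou=People,dc=company,
 dc=com
objectClass: organizationalUnit
ou: People
EOF
{ cat "$TMP/clean.ldif"; printf '\ndn: nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,dc=company,dc=com\nnsds50ruv: {replicageneration} 0000000000000000\n'; } > "$TMP/repl.ldif"
for f in clean repl; do check_export "$TMP/$f.ldif" dc=company,dc=com || true; done
```

Against the real export, the call would be check_export /export/home/CleanExport.ldif dc=company,dc=com, and the entry count can be compared with what the old instance was known to hold.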
Posted at 02:41PM Jan 22, 2008 by Jonathan Gershater in Identity & Directory Server
Tuesday Jan 22, 2008














