Sun Java Directory Server 6.2 corruption and recovery...

This has not been classified as a Sun Directory Server error; rather, it led to a method of recovery that I would like to share.

I was working on a pair of Sun Directory Servers (version 6.2) recently, with a custom plugin. The servers would only start with a very peculiar error logged every second in the error log (does anyone know what this means?):

[18/Jan/2008:18:49:15 +0000] - INFORMATION - conn=-1 op=-1 msgId=-1 - allow_operation: component identity is NULL

After a day of researching the error proved futile, we decided to rebuild from scratch. Fortunately the data appeared intact, though there were replication errors galore! Secondly, the partner master server logged the same error every second so that server also needed to be rebuilt.

I followed the following steps. Note that this was a pair of Sun Directory Servers (version 6.2) with only a few thousand objects (development and QA environment). The steps below may not be optimal for many replicated servers containing hundreds of thousands or millions of users.

  • Export the old instance to LDIF

  • Create a new instance

  • Copy the certificates and schema from the old instance to the new

  • Import the LDIF file

  • Enable replication


Assumptions

  1. Sun Java Directory Server 6.2

  2. Solaris 10

  3. PKG version of Directory Server (the location of the commands differs for the ZIP version)

  4. The hostname & IP address of the new and faulty Directory instances are the same

  5. Two servers in MMR (multi-master replication)

  6. Custom schema in 99user.ldif


Perform the following:


First Solaris host

1. Shut down the faulty Directory Server

/opt/SUNWdsee/ds6/bin/dsadm stop /var/opt/SUNWdsee/dsins1


2. Export the data without replication information

/opt/SUNWdsee/ds6/bin/dsadm export -Q /var/opt/SUNWdsee/dsins1 dc=company,dc=com /export/home/CleanExport.ldif


3. Create a new instance on port 389 since the faulty instance is not running

/opt/SUNWdsee/ds6/bin/dsadm create /var/opt/SUNWdsee/dsins2


4. Copy custom schema from the faulty directory server to the new instance

(a) Back up the new 99user.ldif

cp /var/opt/SUNWdsee/dsins2/config/schema/99user.ldif /var/opt/SUNWdsee/dsins2/config/schema/99user.ldif.BACKUP


(b) Copy the schema from the faulty instance (dsins1) into the new instance (dsins2)

cp /var/opt/SUNWdsee/dsins1/config/schema/99user.ldif /var/opt/SUNWdsee/dsins2/config/schema/


5. Start the new instance

/opt/SUNWdsee/ds6/bin/dsadm start /var/opt/SUNWdsee/dsins2


6. Create the suffix

/opt/SUNWdsee/ds6/bin/dsconf create-suffix dc=company,dc=com


7. Import the data into the new instance

/opt/SUNWdsee/ds6/bin/dsadm import /var/opt/SUNWdsee/dsins2 /export/home/CleanExport.ldif dc=company,dc=com


8. Enable replication on the new instance

/opt/SUNWdsee/ds6/bin/dsconf enable-repl -d 40404 master dc=company,dc=com


Second Solaris host

1. Shut down the faulty Directory Server

/opt/SUNWdsee/ds6/bin/dsadm stop /var/opt/SUNWdsee/dsins1


2. Create a new instance on port 389 since the faulty instance is not running

/opt/SUNWdsee/ds6/bin/dsadm create /var/opt/SUNWdsee/dsins2


3. Copy custom schema from the faulty directory server to the new instance

(a) Back up the new 99user.ldif

cp /var/opt/SUNWdsee/dsins2/config/schema/99user.ldif /var/opt/SUNWdsee/dsins2/config/schema/99user.ldif.BACKUP


(b) Copy the schema from the faulty instance (dsins1) into the new instance (dsins2)

cp /var/opt/SUNWdsee/dsins1/config/schema/99user.ldif /var/opt/SUNWdsee/dsins2/config/schema/


4. Create the suffix

/opt/SUNWdsee/ds6/bin/dsconf create-suffix dc=company,dc=com


5. Start the new instance

/opt/SUNWdsee/ds6/bin/dsadm start /var/opt/SUNWdsee/dsins2


6. Enable replication on the new instance

/opt/SUNWdsee/ds6/bin/dsconf enable-repl -d 50505 master dc=company,dc=com


First Solaris host


1. Create a replication agreement from host 1 to host 2

/opt/SUNWdsee/ds6/bin/dsconf create-repl-agmt dc=company,dc=com secondhost:389


2. Initialize the second Directory Server with data from the first Directory Server

/opt/SUNWdsee/ds6/bin/dsconf init-repl-dest dc=company,dc=com secondhost:389
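
As an added example (not part of the original post), the shell functions below sanity-check the LDIF written by the export step before it is imported into the new instance: they count entries, list DNs that fall outside dc=company,dc=com, and look for leftover replication metadata. The function names, the sample entries and the replication markers searched for (the nsds50ruv attribute and CSN attribute subtypes such as ;vucsn-) are assumptions, not taken from the post.

```shell
#!/bin/sh
# Added example (not from the original post): checks on the exported LDIF
# before "dsadm import". Needs a POSIX awk (on Solaris 10, /usr/xpg4/bin/awk).

# Join RFC 2849 folded lines: a continuation line starts with one space.
ldif_unfold() {
    awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
         NR > 1 { print buf }
         { buf = $0 }
         END { if (NR) print buf }' "$1"
}

# Number of entries in the file.
ldif_entry_count() {
    ldif_unfold "$1" | awk '/^dn:/ { n++ } END { print n + 0 }'
}

# Print each DN that is not under the suffix (case-insensitive compare).
# Base64 DNs ("dn::") are printed as-is because they must be decoded first.
ldif_dns_outside_suffix() {
    ldif_unfold "$1" | awk -v suffix="$2" '
        /^dn::/ { print; next }
        /^dn:/  { dn = $0; sub(/^dn: */, "", dn)
                  d = tolower(dn); s = tolower(suffix); cut = length(d) - length(s)
                  if (substr(d, cut + 1) != s || (cut > 0 && substr(d, cut, 1) != ","))
                      print dn }'
}

# Exit 0 if replication metadata is present, i.e. the export is not clean.
# Assumed markers: the nsds50ruv attribute and CSN attribute subtypes.
ldif_has_repl_state() {
    ldif_unfold "$1" | awk 'tolower($0) ~ /^nsds50ruv|;(vucsn|adcsn|mdcsn|vdcsn)-/ { f = 1 }
                            END { exit !f }'
}

# Constructed sample: one folded DN, one entry outside the suffix.
write_sample_ldif() {
    printf '%s\n' 'dn: dc=company,dc=com' 'objectClass: domain' '' \
        'dn: uid=jdoe,ou=People,dc=comp' ' any,dc=com' 'uid: jdoe' '' \
        'dn: uid=stray,dc=other,dc=com' 'uid: stray' > "$1"
}

sample=${TMPDIR:-/tmp}/CleanExport.sample.$$.ldif
write_sample_ldif "$sample"
echo "entries: $(ldif_entry_count "$sample")"
echo "outside suffix: $(ldif_dns_outside_suffix "$sample" dc=company,dc=com)"
ldif_has_repl_state "$sample" && echo "replication state found" || echo "clean export"
rm -f "$sample"
```

Against the real export, pass /export/home/CleanExport.ldif instead of the sample file and compare the entry count with what the new instance holds after the import.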



About

Jonathan Gershater
