[Fedora-directory-users] Creating backup LDAP server.

Rich Megginson rmeggins at redhat.com
Thu Jul 10 22:18:28 UTC 2008


John Oliver wrote:
> On Thu, Jul 10, 2008 at 01:40:25PM -0600, Rich Megginson wrote:
>   
>> John Oliver wrote:
>>     
>>> One of the projects on my plate is to have a working backup of an
>>> existing fedora-ds server.  I installed fedora-ds under CentOS 5.2 and
>>> copied over the files that result from ns-slapd db2archive from the
>>> existing server to the new machine.
>>>
>>> First off, I know nothing about LDAP or fedora-ds in particular :-)
>>>
>>> After looking at the existing server and what I had after installing on
>>> the new server, I decided that running /usr/sbin/setup-ds-admin.pl was
>>> probably necessary.  I went through, answering the questions as best I
>>> could (and figuring that the answers would be overwritten when I
>>> restored the backup).  I got this:
>>>
>>> [08/07/10:10:18:52] - [Setup] Info Are you ready to set up your servers?
>>> [08/07/10:10:18:56] - [Setup] Info yes
>>> [08/07/10:10:18:56] - [Setup] Info Creating directory server . . .
>>> [08/07/10:10:18:59] - [Setup] Info Your new DS instance 'unix-services2' was successfully created.
>>> [08/07/10:10:18:59] - [Setup] Info Creating the configuration directory server . . .
>>> [08/07/10:10:22:08] - [Setup] Fatal Error: failed to open an LDAP connection to host 'unix-services2.my.domain.com.com' port '389' as user 'cn=Directory Manager'.  Error: unknown.
>>> [08/07/10:10:22:08] - [Setup] Fatal Failed to create the configuration directory server
>>> [08/07/10:10:22:08] - [Setup] Fatal Exiting . . .
>>> Log file is '/tmp/setupVSpvCl.log
>>>
>>>
>>> Yes, that's two ".com"s  No idea why.
>>>  
>>>       
>> Check /etc/hosts, /etc/nsswitch.conf, and /etc/resolv.conf, and check 
>> that against what you typed in as your hostname and what DNS resolves it to.
>>     
>
> All are correct.  /etc/hosts has the correct FQDN as well as hostname.
> /etc/resolv.conf is pointed to two working DNS servers.  And
> /etc/nsswitch.conf has "hosts:      files dns"
>
> Is there a way to tell it to remove the problematic stuff and try to set
> up again?
>   
When you run setup-ds-admin.pl, and it asks you for the hostname, does 
it have the correct hostname or the bogus one?  If you specify the 
correct hostname at the dialog prompt, it will use the correct one 
throughout.
>   
>>> So, I stop the dirsrv process and try:
>>>
>>> [root@localhost ~]# ns-slapd archive2db -D /etc/dirsrv/slapd-unix-services2 -a /var/lib/dirsrv/slapd-unix-services2/in
>>> [10/Jul/2008:11:05:39 -0700] - ERROR: target server has no NetscapeRoot configured
>>> [10/Jul/2008:11:05:39 -0700] - archive2db: Failed to read backup file set. Either the directory specified doesn't exist, or it exists but doesn't contain a valid backup set, or file permissions prevent the server reading the backup set.  error=53 (Invalid request descriptor)
>>>  
>>>       
>> Don't use ns-slapd archive2db directly - use the scripts in 
>> /usr/lib/dirsrv/slapd-instance (db2bak, bak2db, etc.) instead.
>>     
>
> [root@unix-services2 ~]# /usr/lib/dirsrv/slapd-unix-services2/bak2db /var/lib/dirsrv/slapd-unix-services2/in/
> [10/Jul/2008:14:56:40 -0700] - ERROR: target server has no NetscapeRoot configured
> [10/Jul/2008:14:56:40 -0700] - archive2db: Failed to read backup file set. Either the directory specified doesn't exist, or it exists but doesn't contain a valid backup set, or file permissions prevent the server reading the backup set.  error=53 (Invalid request descriptor)
> [root@unix-services2 ~]# ls /var/lib/dirsrv/slapd-unix-services2/in/
> DBVERSION       dse_instance.ldif  NetscapeRoot
> dse_index.ldif  log.0000000076     userRoot
The backup was created in a server with both userRoot and NetscapeRoot, 
but you are attempting to restore it in a server that does not have 
NetscapeRoot.  You need to create a root suffix called o=NetscapeRoot 
with an associated database called NetscapeRoot.  You can do this in the 
console.  *http://tinyurl.com/595tyy*

If you don't want NetscapeRoot at all, you could try exporting your old 
database to LDIF using db2ldif or db2ldif.pl, to get just the userRoot 
part (i.e. the suffix that you keep your real user&group data in).
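
A pre-restore check for the mismatch described in the reply above, as an added example that is not part of the original post or of the directory server's own scripts: it lists backend subdirectories in a backup set that have no matching backend entry in the target instance's dse.ldif. It assumes backends appear in dse.ldif as `cn=<name>,cn=ldbm database,cn=plugins,cn=config` on unfolded `dn:` lines; the function names and the fixture are constructed for illustration.

```shell
#!/bin/sh
# Pre-restore check (added example): every backend directory in a backup set
# must have a matching ldbm backend entry in the target instance's dse.ldif.

# Backend names configured in dse.ldif ($1), taken from entry DNs of the form
# cn=<name>,cn=ldbm database,cn=plugins,cn=config. The cn=config and
# cn=monitor entries at that level are not backends and are skipped.
configured_backends() {
    awk 'tolower($0) ~ /^dn: *cn=[^,]+, *cn=ldbm database, *cn=plugins, *cn=config *$/ {
             sub(/^[^=]*=/, ""); sub(/,.*/, "")
             if (tolower($0) != "config" && tolower($0) != "monitor") print
         }' "$1"
}

# Print each backend subdirectory of backup set $1 that dse.ldif $2 lacks.
# Names are compared case-insensitively, as LDAP compares cn values.
missing_backends() {
    configured=$(configured_backends "$2")
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        printf '%s\n' "$configured" | grep -qixF -- "$name" ||
            printf '%s\n' "$name"
    done
}

# Constructed fixture: a backup set laid out like the listing in the thread,
# and a target dse.ldif that only defines userRoot.
make_fixture() {
    mkdir -p "$1/in/userRoot" "$1/in/NetscapeRoot"
    touch "$1/in/DBVERSION" "$1/in/dse_instance.ldif" "$1/in/dse_index.ldif"
    cat > "$1/dse.ldif" <<'EOF'
dn: cn=config,cn=ldbm database,cn=plugins,cn=config
objectClass: extensibleObject

dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config
objectClass: nsBackendInstance
nsslapd-suffix: dc=example,dc=com

dn: cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
objectClass: nsContainer
EOF
}

# Usage: sh check.sh BACKUP_DIR /etc/dirsrv/slapd-INSTANCE/dse.ldif
if [ "$#" -eq 2 ]; then missing_backends "$1" "$2"; fi
```

Any name it prints is a backend that has to exist on the target before the restore, or be left out by exporting only the wanted suffix to LDIF.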