Sun Java Directory Server 6.2 corruption and recovery…


This has not been classified as a Sun Directory Server error, rather it led to
a method of recovery that I would like to share.

I was working on a pair of Sun Directory Servers (version 6.2)
recently, with a custom plugin. The servers would only start with a very peculiar error
logged every second in the error log (anyone know what this means?)

[18/Jan/2008:18:49:15
+0000] – INFORMATION – conn=-1 op=-1 msgId=-1 – allow_operation:
component identity is NULL

After
a day of researching the error proved futile, we decided to rebuild
from scratch. Fortunately the data appeared intact, though there were
replication errors galore! Secondly, the partner master server logged
the same error every second so that server also needed to be rebuilt.

I
followed the following steps. Note that this was a pair of Sun
Directory Servers (version 6.2) with only a few thousand objects
(development and QA environment). The steps below may not be optimal
for many replicated servers containing hundreds of thousands or
millions of users.

  • Export
    the old instance to LDIF

  • Create
    a new instance

  • Copy
    the certificates and schema from the old instance to the new

  • Import
    the LDIF file

  • Enable
    replication

Assumptions

  1. Sun
    Java Directory Server 6.2

  2. Solaris
    10

  3. PKG
    version of Directory Server.(location of commands differs for the
    ZIP version)

  4. The
    hostname & IP address of the new and faulty Directory instances
    are the same

  5. Two
    servers in MMR (multi-master replication)

  6. Custom
    schema in 99user.ldif

Perform
the following……………..

First Solaris
host

1.
Shutdown the faulty Directory Server

/opt/SUNWdsee/ds6/bin/dsadm
stop /var/opt/SUNWdsee/dsins1

2.Export
the data without replication information

/opt/SUNWdsee/ds6/bin/dsadm
export -Q /var/opt/SUNWdsee/dsins1 dc=company,dc=com
/export/home/CleanExport.ldif

3.
Create a new instance on port 389 since the faulty instance is not
running

/opt/SUNWdsee/ds6/bin/dsadm
create /var/opt/SUNWdsee/dsins2

4.
Copy custom schema from the faulty directory server to the new
instance

(a)
backup the new 99user.ldif

cp
/var/opt/SUNWdsee/dsins2/config/schema/99user.ldif
/var/opt/SUNWdsee/dsins2/config/schema/99user.ldif.BACKUP

(b)
copy the schema

cp
/var/opt/SUNWdsee/dsins1/config/schema/99user.ldif
/var/opt/SUNWdsee/dsins1/config/schema/

5.
Start the new instance

/opt/SUNWdsee/ds6/bin/dsadm
start /var/opt/SUNWdsee/dsins2

6.
Create the suffix

/opt/SUNWdsee/ds6/bin/dsconf
create-suffix dc=company,dc=com

7.
Import the data into the new instance

/opt/SUNWdsee/ds6/bin/dsadm
import /var/opt/SUNWdsee/dsins2 /export/home/CleanExport.ldif
dc=company,dc=com

8.
Enable replication on the new instance

/opt/SUNWdsee/ds6/bin/dsconf
enable-repl /var/opt/SUNWdsee/dsins2 -d 40404 master
dc=company,dc=com

Second
Solaris host

1.
Shutdown the faulty Directory Server


/opt/SUNWdsee/ds6/bin/dsadm stop
/var/opt/SUNWdsee/dsins1

2.Create
a new instance on port 389 since the faulty instance is not running


/opt/SUNWdsee/ds6/bin/dsadm create
/var/opt/SUNWdsee/dsins2

3.
Copy custom schema from the faulty directory server to the new
instance

(a)
backup the new 99user.ldif

cp
/var/opt/SUNWdsee/dsins2/config/schema/99user.ldif
/var/opt/SUNWdsee/dsins2/config/schema/99user.ldif.BACKUP

(b)
copy the schema

cp
/var/opt/SUNWdsee/dsins1/config/schema/99user.ldif
/var/opt/SUNWdsee/dsins1/config/schema/

4.
Create the suffix

/opt/SUNWdsee/ds6/bin/dsconf
create-suffix dc=company,dc=com

5.
Start the new instance

/opt/SUNWdsee/ds6/bin/dsadm
start /var/opt/SUNWdsee/dsins2

6.
Enable replication on the new instance

/opt/SUNWdsee/ds6/bin/dsconf
enable-repl /var/opt/SUNWdsee/dsins2 -d 50505 master
dc=company,dc=com

First Solaris
host

1.Create
replication agreement from host 1 to host 2

/opt/SUNWdsee/ds6/bin/dsconf
create-repl-agmt dc=company,dc=com secondhost:389

2.Initialize
the second Directory Server with data from the first Directory Server

/opt/SUNWdsee/ds6/bin/dsconf
init-repl-dest dc=company,dc=com secondhost:389

Technorati Tags:

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s