Description of problem: The problem is in init script (/etc/rc.d/init.d/ldap) If recovery is required for bdb backend databases (because of unclean shutdown or other reason), the script prevents automatic recovery on start. On start (in configtest procedure) it tries to execute "slaptest". If it fails, it won't continue. If it fails because a bdb recovery is needed, then it is not possible to start slapd from initscipts. The automatic recovery is not performed because "slaptest" implies read-only mode. The output looks like: "[root@daisy ldap]# service ldap start Checking configuration files for slapd: bdb_db_open: unclean shutdown detected; attempting recovery. bdb_db_open: Recovery skipped in read-only mode. Run manual recovery if errors are encountered." When slapd is then run from command line then it performs automatic recovery and works fine. It is possible then to start slapd from initscripts. It hit me really hard - the ldap has user and group database and the nss_ldap has very long timeouts, so to be able to get the machine working after crash I had to go in single user mode and fix it by hand. Version-Release number of selected component (if applicable): openldap-2.3.43-12.el5 How reproducible: Always Steps to Reproduce: 1. Corrupt the openldap bdb files in such fashion that recovery is required and automatic recovery will be able to handle this (it may be tricky :) 2. Try to start openldap: service ldap start 3. Actual results: The slapd doesn't start, as the initscript fails in earlier stage (at slaptest) Expected results: The slapd is started and performs automatic recovery. I think that the "configtest" part of this script should report errors but it shouldn't do an exit in case of failure. The script should try to start the slapd anyway. Additional info:
Actually just calling slaptest with -u every time will do the trick. But this is a change of behavior which is not likely to be expected in RHEL-5. It is a good idea to fix it in RHEL-6 though.
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux.
This request was erroneously denied for the current release of Red Hat Enterprise Linux. The error has been fixed and this request has been re-proposed for the current release.
Resolved in openldap-2.3.43-20.el5
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: - openldap-servers package is installed, the server was shutdown incorrectly and the database needs recovery - openldap intiscript will refuse to start the server - added option to the tool, which checks openldap server configuration, to skip database checks - the openldap server will start and the database is recovered automatically at the startup
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0155.html