Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: broken LDAP

  1. #1
    Join Date
    Oct 2011
    Posts
    6
    Rep Power
    4

    Default broken LDAP

    hi all,
    I have single server deployment of zcs-7.1.1_GA_3196.F11.20110527000857
    I had hardware issue with power break and when server booted back, my csfk corrupted these files:
    - config db for slapd
    - binary files of LDAP
    - text files of LDAP log
    - text files of LDAP backup

    I corrected config db for slapd by copying from config files, that works. but when I tried to start ldap service, I get error from slapd with description about unparseable database file.
    What I tried is googling and searchiong here, but all I found was based on ldap backup files or log files, which I can't use.

    So what I need is some hint how to rebuild LDAP content or how to delete ldap content and create new one to get it working back.
    many thanks to everyone helping..

  2. #2
    Join Date
    Oct 2011
    Posts
    6
    Rep Power
    4

    Default

    nobody is able to help?

  3. #3
    smpoole7 Guest

    Default

    Quote Originally Posted by jajapaja28 View Post
    nobody is able to help?
    Two suggestions, but they're not going to help you much now. In the future, you should do regular backups. If your database is corrupted, the answer is to restore from a known good backup. That's the best way to do it.

    Second, you need a UPS to prevent power interruptions, if you don't already have one.

    Hate to tell you this, unless someone here knows some really deep LDAP/database recovery guru-stuff, you'll probably have to reinstall and start all over.

  4. #4
    Join Date
    Oct 2011
    Posts
    6
    Rep Power
    4

    Default

    first, thanks for reaction..

    Quote Originally Posted by smpoole7 View Post
    Two suggestions, but they're not going to help you much now. In the future, you should do regular backups. If your database is corrupted, the answer is to restore from a known good backup. That's the best way to do it.
    of course, but it is too late now.

    Quote Originally Posted by smpoole7 View Post
    Second, you need a UPS to prevent power interruptions, if you don't already have one.
    I have UPS, it was fail of my motherboard..

    Quote Originally Posted by smpoole7 View Post
    Hate to tell you this, unless someone here knows some really deep LDAP/database recovery guru-stuff, you'll probably have to reinstall and start all over.
    I see, I have no problem to make new instalation of whole server, question is then how to migrate data (emails, contacts, calendars) to new instalation when old server is not able to be up and I don§t know how to export data

  5. #5
    smpoole7 Guest

    Default

    Quote Originally Posted by jajapaja28 View Post
    I see, I have no problem to make new instalation of whole server, question is then how to migrate data (emails, contacts, calendars) to new instalation when old server is not able to be up and I don§t know how to export data
    That's just it. You can't trust your database, so you couldn't trust the exported data, anyway. When I say you'll have to start over from scratch, that's just what you'll have to do.

    Now, if it's just usernames, if you can get LDAP running, you could possibly use an LDAP browser. There are plenty of posts here about LDAP browsing; do a search. But if you want to recover that old email, that's a different matter entirely.

    Don't take this the wrong way, because I've been where you are. I suspect that the reason no one else posted a reply is because the answer is obvious: no backup, you have a ton of work to do.

    You could possibly hire a data recovery expert to see what he/she could recover. That will be very expensive. But this is just a classic case of, "things blew up and I don't have a backup." That's how it has to be treated.

  6. #6
    smpoole7 Guest

    Default Detail

    Let me explain a little further. Nothing that I say here is anything that you couldn't find in a more detailed search here and elsewhere; but maybe it bears repeating.

    First, I emphasize that I've been in your place and I know how you feel. You have my sympathy. But just like a patient with cancer, would rather I lie to you and give you false hope, or get to the bottom line?

    The bottom line is that yours is the worst kind of failure: the hardware apparently stopped right in the middle of major server operations. You don't know the state of that data. If it was in the middle of rearranging a bunch of records, or something like that, you will NOT be able to recover much, if anything, even if you use a professional recovery service. You'll STILL have a ton of work to do, because YOU will have to go through that recovered data and decide what's good and what's bad, one record at a time.

    Again: I speak from experience. For example, even if you recover some of those calendar records, you won't be able to trust them. They're liable to say that your daughter's birthday party is in 2014 at 73:00AM. See what I'm saying?

    And to myself and anyone else who hits this post in the dark, distant future: KEEP BACKUPS. IT'S NOT OPTIONAL.

    Bad news all around. But the quickest answer, and the only one I can give you with a clear conscience, is to apologize to your users, build a new server and start entering the data again from a fresh start.
    Last edited by smpoole7; 05-30-2012 at 05:42 AM. Reason: Add a line

  7. #7
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,374
    Rep Power
    11

    Default

    Quote Originally Posted by jajapaja28 View Post

    I see, I have no problem to take new instalation of whole server, question is then how to migrate data (emails, contacts, calendars) to new instalation when old server is not able to be up and I don§t know how to export data
    If LDAP is totally gone then you have no mailbox user-to-UID mapping. MySQL stores the UID-to-file_directory information, so unless you have working LDAP, MySQL and the actual mail blobs, it's impossible to recover email, contacts and calendars via an export of some sort.

    Nevertheless, if only the mail blobs are intact, you can at least recover all of the email -- but it's a very manual process:

    1. Copy /opt/zimbra/store someplace safe.
    2. Create a list of all of the mailboxes on the system in Excel or a text file.
    3. Explore the subdirectories in your copy of /opt/zimbra/store, opening mailblobs in a text editor to get the recipient.
    4. Once you have identified which subdirectory belongs to which user, update your text file or spreadsheet.
    5. Copy the identified directories to a new tree, with each directory named as the user (doesn't have to be exact, just human-readable).
    6. Deploy a Courier IMAP server and configure user accounts to match what was in Zimbra and point each account to the recovered directories. Courier can read Zimbra mailblobs directly.
    7. Deploy the replacement Zimbra server and create the mailboxes.
    8. Using an email client of your choice, for each user's mailbox connect the email client to both the new Zimbra server and the Courier IMAP server, and then drag 'n drop the emails from the Courier IMAP server into the Zimbra mailbox.
    9. When finished you can destroy the Courier accounts in the email client and then destroy the Courier server.
    10. Users will need to recreate Contacts and Calendar entries, but if they kept a local copy they can just import into Zimbra.
    11. All of the Zimbra Sharing will need to be recreated, as well as Admin accounts and other Zimbra-specific configurations.


    It is for these kinds of situations that companies pay for the Professional Edition, if only just to get supported backups (not to mention Mobile integration).

    If you have a few dozen mailboxes, the recovery process is not so bad. If you have a few thousand mailboxes...

    Anyway, hope that helps, and best of luck with your recovery!
    Mark

  8. #8
    Join Date
    Oct 2011
    Posts
    6
    Rep Power
    4

    Default

    Quote Originally Posted by smpoole7 View Post
    First, I emphasize that I've been in your place and I know how you feel. You have my sympathy.
    thanks for that!

    Quote Originally Posted by smpoole7 View Post
    The bottom line is that yours is the worst kind of failure: the hardware apparently stopped right in the middle of major server operations. You don't know the state of that data. If it was in the middle of rearranging a bunch of records, or something like that, you will NOT be able to recover much, if anything, even if you use a professional recovery service. You'll STILL have a ton of work to do, because YOU will have to go through that recovered data and decide what's good and what's bad, one record at a time.
    have you ever heard about transactional access? I have no problem with mysql data, only LDAP database is stored in binary file! binary! OMG..

    Quote Originally Posted by smpoole7 View Post
    Again: I speak from experience. For example, even if you recover some of those calendar records, you won't be able to trust them. They're liable to say that your daughter's birthday party is in 2014 at 73:00AM. See what I'm saying?
    this is general problem, do you trust your data whenever you need it? bad way. The same for car navigation, are you still driving ahead when your navi says that? of course not.. so this is tool only and I'm using it as a tool, everybody should accept that tis CAN FAIL FOR SOME REASON.

    Quote Originally Posted by smpoole7 View Post
    And to myself and anyone else who hits this post in the dark, distant future: KEEP BACKUPS. IT'S NOT OPTIONAL.
    Sure, I know. Next level of your sentence is - keep backup on different storage/filesystem.

    Quote Originally Posted by smpoole7 View Post
    Bad news all around. But the quickest answer, and the only one I can give you with a clear conscience, is to apologize to your users, build a new server and start entering the data again from a fresh start.
    My idea is somehow create new LDAP database and join new records to some IDs of zimbra backend. Of course I will make completely new instance when it is not reasonable way..

  9. #9
    Join Date
    Oct 2011
    Posts
    6
    Rep Power
    4

    Default

    Quote Originally Posted by LMStone View Post
    If LDAP is totally gone then you have no mailbox user-to-UID mapping. MySQL stores the UID-to-file_directory information, so unless you have working LDAP, MySQL and the actual mail blobs, it's impossible to recover email, contacts and calendars via an export of some sort.

    Nevertheless, if only the mail blobs are intact, you can at least recover all of the email -- but it's a very manual process:
    Thanks Mark for this, it is usable for emails only, right? what about contacts, calendars?

  10. #10
    Join Date
    Oct 2011
    Posts
    6
    Rep Power
    4

    Default

    and for better idea about how big it is.. this is private server for about 5 domains with few users and about 5GB total mailboxes/calendars/tasks/contacts size.

    And because I have only few users (plus some system accounts), it should not be complicated to create new ldap database with similar entries and remap them to other storages.. but what I miss here is knowhow about ldap structure, system accounts and joining to other internal components.
    Last edited by jajapaja28; 05-30-2012 at 12:34 PM.

Similar Threads

  1. Failed to bind to LDAP server
    By tezarin in forum Administrators
    Replies: 4
    Last Post: 01-23-2012, 08:26 AM
  2. [SOLVED] LDAP Broken on non-new installation.
    By frogstarr78 in forum Administrators
    Replies: 4
    Last Post: 01-26-2011, 02:38 PM
  3. LDAP Cannot bind on migration to new server
    By neekster in forum Migration
    Replies: 23
    Last Post: 03-09-2009, 02:08 AM
  4. 3 testing: LDAP: 389 Failed when restore zimbra
    By victorLeong in forum Administrators
    Replies: 15
    Last Post: 05-24-2007, 06:45 AM
  5. Replies: 4
    Last Post: 11-15-2006, 11:16 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •