If you are experiencing LDAP errors (for example, all authentication fails or the oxadmin interface reports "Can not connect to LDAP Server!") and you have tried restarting the LDAP server by running /etc/init.d/ldap restart, then you should try running the following recovery procedure:
(1) Stop the LDAP server:
/etc/init.d/ldap stop
(2) Perform the recovery:
(a) if you are running Open-Xchange on SLES 9, use the following command:
db_recover -h /var/lib/ldap
(b) if you are using Red Hat, use the following command:
/usr/sbin/slapd_db_recover -h /var/lib/ldap
(3) Reboot the machine.
If the problems persist after running the above procedure, use the following procedure:
(1) Stop the LDAP server:
/etc/init.d/ldap stop
To be sure the server is stopped, also run:
killall slapd
(2) Make a backup of your existing directory structure:
tar -cvzf ldap.tar.gz /var/lib/ldap/*
Put it someplace safe in case something goes wrong with this procedure.
(3) Perform a recovery:
(a) if you are using SLES, use the following command:
db_recover -h /var/lib/ldap -v
(b) if you are using Red Hat, use the following command:
/usr/sbin/slapd_db_recover -h /var/lib/ldap
(4) Dump the directory structure to a text file:
slapcat -l ldap.ldif
(Sometimes it is necessary to delete all bdb files except "dn2id" and "id2entry" before slapcat is able to dump the directory.)
(5) Verify that the resultant file (ldap.ldif) contains directory entries. If it does not, or if slapcat returned errors in step 4, try running db_recover in catastrophic mode:
db_recover -h /var/lib/ldap -v -c
(6) Delete the corrupted LDAP directory with the following command:
rm -fr /var/lib/ldap/*
(7) Recreate the DB_CONFIG file, which contains some basic information for the bdb backend:
echo -en "set_cachesize 0 15000000 1\nset_lg_bsize 2097152\n" >/var/lib/ldap/DB_CONFIG
By default, this file exists only on SLES 9.
(8) Reload the LDAP directory from the ldap.ldif file you produced in step 4 with the following command:
slapadd -l ldap.ldif
(9) The files must be owned by the user "ldap", so run:
chown -R ldap: /var/lib/ldap
(10) Start the LDAP server:
/etc/init.d/ldap start
Test: If the command "ldapsearch -x uid=mailadmin" returns any results, everything went well.
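Step 6 is destructive, so the checks from steps 2 and 5 can be scripted and run before it. The following is an added example, not part of the original procedure; the function names are hypothetical, and the file names are the ones used in the steps above. It refuses to continue when ldap.ldif holds no entries or the backup archive cannot be read:

```shell
#!/bin/sh
# Added example: pre-flight check to run before step 6 (rm -fr /var/lib/ldap/*).
# Function names are hypothetical; file names come from the procedure above.

# Print the number of entries in an LDIF file. slapcat writes one "dn:" line
# (or "dn::" when the DN is base64-encoded) at the start of every entry.
# Folded continuation lines start with a space, so they are never counted.
ldif_entry_count() {
    [ -r "$1" ] || { echo 0; return; }
    awk '/^dn:/ { n++ } END { print n + 0 }' "$1"
}

# Succeed only if the dump has entries and the backup archive is readable.
preflight_wipe_check() {
    ldif=$1
    backup=$2
    count=$(ldif_entry_count "$ldif")
    if [ "$count" -eq 0 ]; then
        echo "REFUSE: $ldif has no entries; see step 5 (db_recover -c)" >&2
        return 1
    fi
    if ! [ -s "$backup" ] || ! tar -tzf "$backup" >/dev/null 2>&1; then
        echo "REFUSE: backup $backup is missing or unreadable (step 2)" >&2
        return 1
    fi
    echo "OK: $count entries in $ldif, backup $backup is readable"
}

# Usage: sh preflight.sh ldap.ldif ldap.tar.gz
if [ "$#" -eq 2 ]; then
    preflight_wipe_check "$1" "$2"
fi
```

Continue with step 6 only when the script prints the OK line and exits with status 0.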