Hi
For some reason (probably after update to openldap-ltb 2.6.10, or after reload
due to renewed certificate) we lost one organizationalUnit object on one of our
two provider servers. However there are still two user objects that belong to
this lost organzationalUnit. Therefore openldap created a glue object for the
lost organizationalUnit.
On the second provider server (setup as multiprovider with the first one) the
organzationalUnit object is still present and all looks like it should. I have
no idea why one of the providers is still ok and the other is not since they
are otherwise in sync as far as I can tell.
Unfortunately I did not find clear instructions on how to handle this
situation. The best instructions I found are 15 years old:
http://blog.mycroes.nl/2010/06/recovering-from-glue-objects-in.html
I have no experience with dumping everything with slapcat, deleting the whole
database directory (scary) and importing everything again and it does sound a
bit brutish.
So I asked some AI and it suggested to use ldapmodify to replace the glue
object with an ldif like this:
dn: ou=serviceusers,dc=example,dc=com
changetype: modify
add: objectClass
objectClass: organizationalUnit
-
add: ou
ou: serviceusers
However that did not work as I got the following error message:
modifying entry "ou=serviceusers,dc=example,dc=com"
ldap_modify: No such object (32)
matched DN: ou=serviceusers,dc=example,dc=com
So my question is do I have to use the method of dumping everything with
slapcat and then changeing the ldif (rewrite glue to organziationalUnit, etc.)
and importing it all again? Or is there a more elegant solution to get the
organizationalUnit back?
Thanks already in advance for every helping suggestion/link/explanation!
Best regards,
Cyril
