LDAP server gone -> impossible to login locally!

[Olivier Nicole]

> > On a related note, why is slapd so damn fragile? It's a righteous pain 
> > in the bum the way you have to run db_recover-X.Y /var/db/openldap-data 
> > if slapd fails to start.
> Yes, this is a lot of pain. I have had issues the same way and never 
> figured out what the reason was. /var/ is very often corrupted after a 
> crash, power failure or unclean reboot. Maybe not slpad is that fragile, 
> but db47 is.
 
Last June, we had to shutdown our openldap server every night, I
noticed that a simple halt(8) would leave the bdb backend database in
a corrupted state.

It worked well if I /usr/local/etc/rc.d/slapd stop and sync(8) a couple
of type before I halt(8).

After that I wrote a small script that would take a backup of the ldap
data every 2 hours and keep 5 days of backup.

It seems that Berkeley DB has a lot of options that need to be
configured to be working optimally with openldap. Maybe soft-update
should be desactivated from the filesystem where the db files reside.

Bests,

Olivier