After restoring an OpenLDAP server I found these lines in the logs:
Mar 5 06:50:03 ldap slapd: <= bdb_equality_candidates: (uidNumber) index_param failed (13)
Mar 5 06:50:04 ldap slapd: <= bdb_equality_candidates: (uid) index_param failed (13)
This means OpenLDAP is querying its database but finds no index for attributes it often uses, in this case ‘uid’ and ‘uidNumber’. It seems these indexes got lost when the backup was restored. Here is how to add the indexes again:
Stop the OpenLDAP server:
Open the config file where we’ll add the indexes:
Add the new indexes after the first ‘olcDbIndex: objectClass eq’ line. In my case this was in the file:
...
olcDbIndex: objectClass eq
...
And I changed that to:
...
olcDbIndex: objectClass eq
olcDbIndex: uid eq
olcDbIndex: uidNumber eq
olcDbIndex: uniqueMember eq
olcDbIndex: gidNumber eq
...
Be sure not to touch other settings in that file. Just add the lines after the first index. After that, make sure to reindex the database:
slapindex -F /etc/ldap/slapd.d/
Since I ran that as root user, I need to fix permissions afterwards:
chown -R openldap:openldap /var/lib/ldap
When you do an ‘ls -la’ on /var/lib/ldap, make sure all files (including the folder itself) have owner and group ‘openldap’, otherwise OpenLDAP will not start.
Now it’s time to start OpenLDAP again:
And all should be well again! If it does not start and you see this:
PANIC: fatal region error detected; run recovery
Be sure to check the permissions as stated above!
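To work out which olcDbIndex lines a log is asking for, the "index_param failed" messages shown at the top can be turned into config lines directly. This is an added example, not part of the original post; the function names and the extra sample log lines are constructed, and it goes beyond the equality case on the page by assuming substring and approx lookups log in the same form.

```shell
#!/bin/sh
# Added example: derive olcDbIndex lines from slapd "index_param failed" messages.

# Constructed sample input, in the format of the log lines quoted in the post.
sample_log() {
cat <<'EOF'
Mar 5 06:50:03 ldap slapd: <= bdb_equality_candidates: (uidNumber) index_param failed (13)
Mar 5 06:50:04 ldap slapd: <= bdb_equality_candidates: (uid) index_param failed (13)
Mar 5 06:50:09 ldap slapd: <= bdb_equality_candidates: (uid) index_param failed (13)
Mar 5 06:51:12 ldap slapd: <= bdb_substring_candidates: (cn) index_param failed (13)
Mar 5 06:51:30 ldap slapd: conn=1001 op=2 SRCH base="dc=example,dc=com" scope=2
EOF
}

# Reads log lines on stdin and prints one "olcDbIndex: <attr> <type>" line
# per distinct attribute/filter pair. Unrelated log lines are ignored.
missing_indexes() {
    # Capture the filter kind (from the function name) and the attribute.
    # [a-z]*db_ matches the bdb_ prefix on the page (and hdb_/mdb_ by assumption).
    sed -n 's/.*<= [a-z]*db_\([a-z]*\)_candidates: (\([^)]*\)) index_param failed.*/\2 \1/p' |
    while read -r attr kind; do
        case "$kind" in
            equality)  type=eq ;;
            substring) type=sub ;;      # assumption: same message form
            approx)    type=approx ;;   # assumption: same message form
            *)         continue ;;
        esac
        # Log content is untrusted input: accept only plain attribute names
        # before emitting anything meant to be pasted into a config file.
        case "$attr" in
            *[!A-Za-z0-9-]*|'') continue ;;
        esac
        printf 'olcDbIndex: %s %s\n' "$attr" "$type"
    done | LC_ALL=C sort -u
}
```

Feed it the real log with something like `missing_indexes < /var/log/syslog` (the log path is an assumption) and compare the output against the olcDbIndex lines already in the config file.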