LDAP database consistency check

[ezyang]

We should perform periodic consistency checks between the LDAP databases; in particular, this is a good thing to do after a server has crashed. Here's one very simple way you can do it that appears to work in practice:

[root@old-faithful ~]# cat > test.sh
#!/bin/sh
sort $2 | sha1sum -
[root@old-faithful ~]# chmod a+x test.sh
[root@old-faithful ~]# VISUAL=./test.sh ldapvi -b dc=scripts,dc=mit,dc=edu
  14878 entries read                                                                                                                             
1b7f526e87314b5a9fac5edaa2c65f860e467db5  -
No changes.

More robust methods may be possible. This is a good candidate for script-ifying or putting into Nagios.

[mitchb]

As we've discussed before, this isn't correct, because replication is asynchronous. It's good to do as a check when nothing's going on to sanity-check consistency after a crash, but it's wrong to tell Nagios that something's wrong if a change hasn't propagated all over yet. Nagios already checks for replication errors.

[ezyang]

"Not so easy."