How to cleanup your OpenLDAP database (mdb) in order to reduce its disk space
You might have received a Nagios warning that your mdb database is reaching its maxsize limit
SLAPD MDB CRITICAL: More than 90% (in fact 93%) of mdb database is use, please increase ldap/database/mdb/maxsize (and restart ldap server)
Especially with 32-Bit systems there often is no way to raise the limit so reducing the used size is the better option.
free up pre-allocs
It might be sufficient to free up preallocated space in the mdb file by simply coping it as follows
root@ucs:~# mkdir /var/lib/univention-ldap/ldap-new
root@ucs:~# systemctl stop slapd.service
root@ucs:~# mdb_copy -c /var/lib/univention-ldap/ldap/ /var/lib/univention-ldap/ldap-new
root@ucs:~# mv /var/lib/univention-ldap/ldap /var/lib/univention-ldap/ldap-old
root@ucs:~# mv /var/lib/univention-ldap/ldap-new /var/lib/univention-ldap/ldap
root@ucs:~# systemctl start slapd.service
This can also be done for the translog database:
root@ucs:~# mkdir /var/lib/univention-ldap/translog-new
root@ucs:~# systemctl stop univention-directory-notifier.service
root@ucs:~# systemctl stop slapd.service
root@ucs:~# mdb_copy -c /var/lib/univention-ldap/translog /var/lib/univention-ldap/translog-new
root@ucs:~# mv /var/lib/univention-ldap/translog /var/lib/univention-ldap/translog-old
root@ucs:~# mv /var/lib/univention-ldap/translog-new /var/lib/univention-ldap/translog
root@ucs:~# systemctl start slapd.service
root@ucs:~# systemctl start univention-directory-notifier.service
rewrite data
A more efficient way might be to rewrite all data in the mdb database. Depending on the size of your OpenLDAP this will take a while and in the meantime your LDAP is not available.
root@ucs:~# systemctl stop univention-directory-listener slapd.service
root@ucs:~# slapcat >ldap_full.ldif
root@ucs:~# tar -cjvf "ldap_backup_$(date '+%s').tar.bz2" /var/lib/univention-ldap/ldap/data.mdb --remove-files
root@ucs:~# slapadd -l ldap_full.ldif
root@ucs:~# systemctl start slapd.service univention-directory-listener
See also: