[Samba] content of sam.ldb vs sam.ldb.d/DC=MYDOMAIN,DC=LAN
Andrew Bartlett
abartlet at samba.org
Sat Feb 28 18:39:50 MST 2015
On Tue, 2015-02-24 at 15:06 +0100, Denis Cardon wrote:
> Hi everyone,
>
> I am wondering what is the difference between the content in sam.ldb and
> sam.ldb.d/DC=MYDOMAIN,DC=LAN.
>
> In the two file I have my user entry:
> # ldbsearch -H
> /usr/local/samba/private/sam.ldb.d/DC\=TRANQUILIT\,DC\=LOCAL.ldb | grep
> dn | grep CN=dcardon
> dn: CN=dcardon,CN=Users,DC=tranquilit,DC=local
>
> # ldbsearch -H /usr/local/samba/private/sam.ldb | grep dn | grep CN=dcardon
> dn: CN=dcardon,CN=Users,DC=tranquilit,DC=local
>
> Is it some kind of legacy? I though that the entries should be in the
> partition file into the sam.ldb.d directory, and sam.ldb was just had
> some kind of glue linking toward the partition file. If it is legacy, is
> there anyway recommended way to clean it up?
>
> Actually I was looking at it because I dug up a entry at a client that
> was well beyond the garbage collecting deadline into the sam.ldb file,
> and so started wondering about the content of the file.
If you run ldbdump on sam.ldb, you will see it is very, very small.
Indeed, essentially only one line in it matters:
dn: @MODULES
@LIST: samba_dsdb
This tells ldb to load the Samba modules, and from there the partitions
module knows to read the rest of the data from the sam.ldb.d/ files.
When you use sam.ldb, you see a virtual view of the objects as filtered,
munged and massaged by our ldb module stack - all the steps to turn LDAP
into AD-LDAP. When you look at sam.ldb.d, you see the raw backend
data.
I hope this clarifies things,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list