[Samba] LDB Tools best practices
Kees van Vloten
keesvanvloten at gmail.com
Fri Oct 27 08:53:21 UTC 2023
Op 27-10-2023 om 10:32 schreef Perttu Aaltonen via samba:
>> On 26. Oct 2023, at 17.49, Rowland Penny via samba <samba at lists.samba.org> wrote:
>>
>> On Thu, 26 Oct 2023 17:02:34 +0300
>> Perttu Aaltonen via samba <samba at lists.samba.org> wrote:
>>
>>> Quick question. Can the LDB tools that modify the database files
>>> directly be used without stopping Samba DC? Specifically ldbmodify?
>> No problem, also you can use the machine password '-P' for most searches
>>
>>> What about when there are more than one DC? Anything to take into
>>> account or best practices?
>> The better question would be, 'What if there are multiple sysadmins ?',
>> you should always have more than one DC.
>>
>> With multiple sysadmins, you could get 'collisions', especially if they
>> try to change the same object on different DCs, so best practice would
>> be to always do any changes on one DC (Usually the one holding the
>> PDC_Emulator FSMO role).
>>
>> Rowland
>>
> Thanks Rowland. Now to write a ldbmodify script...
Probably something like this:
cat << EOF > ldbmod
dn: <DN TO CHANGE>
changetype: modify
replace: <ATTR TO CHANGE>
<ATTR TO CHANGE>: <NEW VALUE FOR THE ATTR>
EOF
ldbmodify -H /var/lib/samba/private/sam.ldb ldbmod
- Kees.
>
> -Perttu
More information about the samba
mailing list