Recover deleted objects

William Brown william at blackhats.net.au
Thu Aug 16 21:52:45 UTC 2018


On Thu, 2018-08-16 at 21:20 +0200, Stefan Kania via samba-technical
wrote:
> Hello everyone,
> maybe my problem is more technical, or maybe it is a bug? I could not
> find anything.
> I try to recover a deleted Object. My Setup:
> Debian 9
> bind9
> samba 4.8.3 the packages from Louis van Belle
> 
> I created a user:
> root at sambabuch:~# samba-tool user create del-ohne-bin
> then I deleted the user:
> root at sambabuch:~# samba-tool user delete del-ohne-bin
> 
> Then I searched for the deleted object:
> ----------------
> root at sambabuch:~# ldbsearch -H ldap://sambabuch -k yes --show-deleted cn=del-ohne-bin\\0ADEL:*
> # record 1
> dn: CN=del-ohne-bin\0ADEL:b16268e9-cba7-4a00-8261-993845df2b30,CN=Deleted Objects,DC=example,DC=net
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> .
> .
> .
> ----------------
> 
> Then I try to rename the deleted object:
> ----------------
> root at sambabuch:~# ldbrename -H ldap://sambabuch -k yes --show-deleted 'CN=del-ohne-bin\0ADEL:b16268e9-cba7-4a00-8261-993845df2b30,CN=Deleted Objects,DC=example,DC=net' "cn=del-ohne-bin,cn=users,dc=example,dc=net"
> rename of 'CN=del-ohne-bin\0ADEL:b16268e9-cba7-4a00-8261-993845df2b30,CN=Deleted Objects,DC=example,DC=net' to 'cn=del-ohne-bin,cn=users,dc=example,dc=net' failed - LDAP error 32 LDAP_NO_SUCH_OBJECT -  <00002030: ldb_wait from ../source4/ldap_server/ldap_backend.c:486 with LDB_WAIT_ALL: No such object (32)> <>
> 
> ----------------
> And as you can see LDAP error 32 :-(
> 
> Now it is getting really strange. If I try to find the deleted object with
> its full DN, I get this result:
> -----------------
> root at sambabuch:~# ldbsearch -H ldap://sambabuch -k yes --show-deleted 'CN=del-ohne-bin\0ADEL:b16268e9-cba7-4a00-8261-993845df2b30,CN=Deleted Objects,DC=example,DC=net'
> # Referral
> ref: ldap://example.net/CN=Configuration,DC=example,DC=net
> 
> # Referral
> ref: ldap://example.net/DC=DomainDnsZones,DC=example,DC=net
> 
> # Referral
> ref: ldap://example.net/DC=ForestDnsZones,DC=example,DC=net
> 
> # returned 3 records
> # 0 entries
> # 3 referrals
> -----------------
> So as soon as I use "CN=Deleted Objects" with ldbsearch or ldbrename,
> the object is not found anymore. I tried it with a backslash before the
> blank, but it's the same.
> 
> So my question is: is it not possible anymore to recover deleted objects?
> Or is there just a different way?

Hi there,

If I recall, deleted objects is used for the replication process to
make the deletion simpler across masters.

On a single master, this means that the deleted object itself may be
purged very quickly - and you certainly shouldn't try to tamper with it
and delete the deleted object as that may affect replication
consistency!

As well, schema defines rules as to what attributes are kept on a
deleted object, so the object may not even be consistent with schema
anymore.

A better idea would be to read the attributes back from the object and
create a new one based on its data.

Better again would be to enable the object recycle bin, however, I am
not sure if S4 supports the recycle bin, so this may be something to
check with the team proper.

Hope that helps,


> 
> 
> Stefan
> 
-- 
Sincerely,

William
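William's suggestion of reading the attributes back from the tombstone and creating a fresh object, as an added example that is not code from this thread or from Samba: it parses the LDIF that `ldbsearch --show-deleted` prints, strips the `\0ADEL:<GUID>` mangling from the RDN, drops tombstone-only and system-maintained attributes, and places the object back under `lastKnownParent`. The sample record (apart from the DN quoted in the thread) and the `DROP_ATTRS` list are constructed assumptions.

```python
import base64
import re

# Constructed sample tombstone in the form ldbsearch --show-deleted prints it;
# the DN is the one from the thread, the remaining values are made up.
TOMBSTONE_LDIF = r"""dn: CN=del-ohne-bin\0ADEL:b16268e9-cba7-4a00-8261-993845df2b30,CN=Deleted Objects,DC=example,DC=net
objectClass: top
objectClass: user
cn: del-ohne-bin
sAMAccountName: del-ohne-bin
description:: cmVzdG9yZSB0ZXN0
isDeleted: TRUE
lastKnownParent: CN=Users,DC=example,DC=net
objectGUID: b16268e9-cba7-4a00-8261-993845df2b30
"""

# System-maintained and tombstone-only attributes that a fresh add must not
# carry (assumption: a practical list, not an exhaustive schema query).
DROP_ATTRS = {"dn", "isdeleted", "isrecycled", "lastknownparent", "objectguid",
              "objectsid", "usncreated", "usnchanged", "whencreated", "whenchanged",
              "name", "cn", "distinguishedname", "samaccounttype", "instancetype"}
# Tombstone RDN as ldb linearises it: "<attr>=<value>\0ADEL:<objectGUID>,"
DEL_RDN = re.compile(r"^(?P<attr>[A-Za-z]+)=(?P<val>.*?)\\0ADEL:[0-9a-f-]{36},", re.I)

def parse_ldif(text):
    """Parse one LDIF record into {attribute: [values]}, decoding '::' base64."""
    entry = {}
    for line in text.replace("\n ", "").splitlines():  # unfold continuation lines
        if not line or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: <base64>" for non-printable values
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        entry.setdefault(attr, []).append(value.strip())
    return entry

def rebuild_from_tombstone(ldif_text):
    """Derive (new_dn, attributes) to re-create the object under lastKnownParent."""
    tomb = parse_ldif(ldif_text)
    lower = {a.lower(): v for a, v in tomb.items()}
    match = DEL_RDN.match(tomb["dn"][0])
    if not match or lower.get("isdeleted", ["FALSE"])[0].upper() != "TRUE":
        raise ValueError("not a tombstone: %s" % tomb["dn"][0])
    if "lastknownparent" not in lower:
        raise ValueError("no lastKnownParent on tombstone; pick the container by hand")
    rdn_attr, rdn_val = match.group("attr"), match.group("val")
    attrs = {a: v for a, v in tomb.items() if a.lower() not in DROP_ATTRS}
    attrs[rdn_attr.lower()] = [rdn_val]  # RDN value without the DEL:<guid> mangling
    return "%s=%s,%s" % (rdn_attr, rdn_val, lower["lastknownparent"][0]), attrs
```

The re-created account gets a new objectSid and no password, so group memberships and ACL entries that referenced the old SID are not restored; that loss is exactly what the recycle bin feature William mentions is meant to avoid.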