[Samba] samba4: cleaning up deleted DNS objects
Achim Gottinger
achim at ag-web.biz
Sat Jan 31 13:38:16 MST 2015
On 31.01.2015 at 20:15, Achim Gottinger wrote:
> Hi Bram,
>
> On 31.01.2015 at 10:39, Bram Matthys wrote:
>> Hi,
>>
>> First of all, apologies in advance to email you off-list. Hope it's ok.
>> I work at a high school and we use Samba4 for ~250 seats and I'm having
>> the same issue as you: a DNS .ldb file of 600MB.
>> I was searching for a way to clean these up and was wondering if you
>> could share your experience (what you did, and if you had any issues).
>>
>> I found it a pity that 'ldbdel' does not allow you to search by
>> attributes, so now I'm doing:
>>
>> # ldbsearch -H /root/DC\=DOMAINDNSZONES\,DC\=JNET\,DC\=HERMANJORDAN\,DC\=NL.ldb 'isDeleted=TRUE' | grep dn: | /root/massdelhelper > /root/killthese
>>
>> # ldbmodify -H /root/DC\=DOMAINDNSZONES\,DC\=JNET\,DC\=HERMANJORDAN\,DC\=NL.ldb /root/killthese
>> Modified 107156 records successfully
>>
>> Where the '/root/massdelhelper' script is:
>> **
>> #!/bin/bash
>> # Reads "dn: ..." lines on stdin and writes an LDIF delete record for each,
>> # skipping the Deleted Objects container itself.
>> while true
>> do
>>     read -r x || exit
>>     if [ "$x" != "dn: CN=Deleted Objects,DC=DomainDnsZones,.etc.,DC=nl" ]; then
>>         echo "$x"
>>         echo "changetype: delete"
>>         echo ""
>>     fi
>> done
>> **
>>
>> (As you can see this is a test on a copy, not in the samba directory)
>>
>> When I do an ldapsearch I can indeed confirm the bad entries are gone,
>> as only 307 are left over.
>>
>> Strange thing is now I have:
>> # ls -alh DC*
>> -rw------- 1 root root 1.7G Jan 31 10:26
>> DC=DOMAINDNSZONES,DC=JNET,DC=HERMANJORDAN,DC=NL.ldb
>> -rw------- 1 root root 656M Jan 31 09:53
>> DC=DOMAINDNSZONES,DC=JNET,DC=HERMANJORDAN,DC=NL.ldb.before
>>
>> So it actually doubled in size (huh?)
>>
>> Did you do something like that? Did it work out or create all kinds of
>> issues?
>>
>> Did you use ldbtools or ldaptools? Any (other) tips?
>>
>> Thanks a lot in advance,
>>
>> Bram Matthys
>> System-/Network administrator
>> Montessori Lyceum Herman Jordan
>>
>> PS: In case you wonder why I haven't updated Samba. I will soon. I
>> already did a test upgrade and it did not delete these objects.. or at
>> least not the first hour.. and had a few critical (DNS-unrelated)
>> issues. So hence wanting to clean this up first, before the upgrade.
> First thing you need to do is update samba, there was an issue with
> Deleted Objects causing these huge DNS database files.
> Active Directory keeps Deleted Objects around for "tombstone
> lifetime", which is 180 days by default. What I did back then after
> upgrading samba was reducing tombstone lifetime in small steps (10
> days) down to 30 days.
> I always waited till the number of deleted objects no longer
> shrank. The whole process can take a few hours.
> After that was done I stopped samba and made a backup of the
> sam.ldb.d files. This results in much smaller ldb files ending in
> ldb.bak. I copied these over their original .ldb files, started samba
> again and after I did this on all DCs I increased tombstone lifetime
> back to 180 days.
> See here how to change the tombstone lifetime attribute:
> https://wiki.samba.org/index.php/Restoring_deleted_AD_objects
>
> Hope that helps.
>
> achim~
>