[Samba] possible to use ldbedit in a safe way
rpenny at samba.org
Mon Oct 16 15:13:26 UTC 2017
On Mon, 16 Oct 2017 16:53:17 +0200
mj via samba <samba at lists.samba.org> wrote:
> dbcheck tells us we have two "dangling forward links" that I am
> trying to get rid of. On my test domain, I have simply done
> ldbedit -e nano -H ./CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=COM
> to remove them.
> While that seems to have worked nicely, dbcheck report zero errors
> now, it is something that I should never have done, or do in
> production, according to Andrew:
> "We realise this is a difficult problem for you and other users, but
> NEVER, EVER do that."
> So, question: is there a SAFE way to easily get rid of those two
> "dangling forward links"?
> (they are Replica-Locations for a DC that has been removed years ago)
If you need to edit the NCs in sam.ldb.d, use '--cross-ncs' with the
ldb command, this allows you safely change things. There have been
reports of AD being destroyed by directly editing the ldb's in sam.ldb.d
More information about the samba