[Samba] possible to use ldbedit in a safe way

mj lists at merit.unu.edu
Tue Oct 17 09:04:59 UTC 2017

On 10/16/2017 08:56 PM, Andrew Bartlett wrote:
> Are they breaking anything?
Not sure. But in another thread I reported some issues on replication, 
highwatermark notifications, high COU load, etc.

My idea was do try several things to fix this. SO I created a 
virtualised isolated environment, in which I can try out all kinds of 

- upgrading the DCs to 4.7 (as suggested by you)
- add a fresh 4.7 dc, see how that works out
- try the clone-dc-database
But also:
- try to make dbcheck complete without errors, to rule that out.

> If so, can you get me more detail on exactly what breaks?
So I'm not sure if there is a relation or not. :-|

> If we have painted ourselves into a corner, and can no longer ignore
> these dangling forward links, an improved dbcheck rule is probably the
> right answer, and I would rather get you a patch than have you edit the
> DB.
Understood, but I'm not sure that my dangling link break anything. It's 
just that in case of an issue, the natural thing is: first try to make 
dbcheck finish without errors. :-)

> Finally, for those that have already edited a backend DB, running
> 'samba-tool dbcheck --reindex' on the sam.ldb is a must, to ensure the
> index values are correctly re-calculated.

I understand that most parts of sam.lbd are replicated between DCs, but 
from what I can read, some items are also non-replicated, so local-DC-only.

Would I be ok to say: things that are replicated are more dangurous to 
edit using lbdedit than things that stay local to a specific DC?
(as long as you run --reindex afterwards)


More information about the samba mailing list