samba - Feb 2015 - content of sam.ldb vs sam.ldb.d/DC=MYDOMAIN,DC=LAN

Hi everyone,

I am wondering what is the difference between the content in sam.ldb and 
sam.ldb.d/DC=MYDOMAIN,DC=LAN.

In the two file I have my user entry:
# ldbsearch -H 
/usr/local/samba/private/sam.ldb.d/DC\=TRANQUILIT\,DC\=LOCAL.ldb | grep 
dn | grep CN=dcardon
dn: CN=dcardon,CN=Users,DC=tranquilit,DC=local

# ldbsearch -H /usr/local/samba/private/sam.ldb | grep dn | grep CN=dcardon
dn: CN=dcardon,CN=Users,DC=tranquilit,DC=local

Is it some kind of legacy? I though that the entries should be in the 
partition file into the sam.ldb.d directory, and sam.ldb was just had 
some kind of glue linking toward the partition file. If it is legacy, is 
there anyway recommended way to clean it up?

Actually I was looking at it because I dug up a entry at a client that 
was well beyond the garbage collecting deadline into the sam.ldb file, 
and so started wondering about the content of the file.

Thanks for the input,

Denis

-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, b?timent A
12 avenue Jules Verne
44230 Saint S?bastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr

On Tue, 2015-02-24 at 15:06 +0100, Denis Cardon wrote:
> Hi everyone,
> 
> I am wondering what is the difference between the content in sam.ldb and 
> sam.ldb.d/DC=MYDOMAIN,DC=LAN.
> 
> In the two file I have my user entry:
> # ldbsearch -H 
> /usr/local/samba/private/sam.ldb.d/DC\=TRANQUILIT\,DC\=LOCAL.ldb | grep 
> dn | grep CN=dcardon
> dn: CN=dcardon,CN=Users,DC=tranquilit,DC=local
> 
> # ldbsearch -H /usr/local/samba/private/sam.ldb | grep dn | grep CN=dcardon
> dn: CN=dcardon,CN=Users,DC=tranquilit,DC=local
> 
> Is it some kind of legacy? I though that the entries should be in the 
> partition file into the sam.ldb.d directory, and sam.ldb was just had 
> some kind of glue linking toward the partition file. If it is legacy, is 
> there anyway recommended way to clean it up?
> 
> Actually I was looking at it because I dug up a entry at a client that 
> was well beyond the garbage collecting deadline into the sam.ldb file, 
> and so started wondering about the content of the file.
If you run ldbdump on sam.ldb, you will see it is very, very small.
Indeed, essentially only one line in it matters:

dn: @MODULES
@LIST: samba_dsdb

This tells ldb to load the Samba modules, and from there the partitions
module knows to read the rest of the data from the sam.ldb.d/ files.

When you use sam.ldb, you see a virtual view of the objects as filtered,
munged and massaged by our ldb module stack - all the steps to turn LDAP
into AD-LDAP.  When you look at sam.ldb.d, you see the raw backend
data. 

I hope this clarifies things,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba