Hi all,
System is Centos 7 and Samba is 4.2.1 sernet version.
The database contains 120k users and 150k computers. It's size is 3.3GB on
DC01 where the imports were performed and 2.8GB on the second DC.
I was trying to index uid attribute and I have a strange behaviour.
According to
https://msdn.microsoft.com/en-us/library/ms679765%28v=vs.85%29.aspx it is
the "searchFlags" attribute of "dn:
CN=uid,CN=Schema,CN=Configuration,DC=domain,DC=tld" I have to modify.
Looking at that attribute on
"sam.ldb.d/CN\=SCHEMA\,CN\=CONFIGURATION\,DC\=DOMAIN\,DC\=TLD.ldb" ldb
file, this attribute is set to 8 which should mean "uid value is not
re-usable" ("Preserve this attribute in the tombstone object for
deleted
objects." in MSDN doc).
I tried to set "searchFlags" to 47, 15, 1 and finally 9. Each time
ldbmodify answered "Modified 1 records successfully" but ldbsearch
then
shows this attribute value was not modified.
Here are the commands and their results:
samba4-dc01:~# cat uid_searchflags_modification.ldif
dn: CN=uid,CN=Schema,CN=Configuration,DC=domain,DC=tld
changetype: modify
replace: searchFlags
searchFlags: 8
serachFlags: 47
samba4-dc01:~# ldbmodify -H
/var/lib/samba/private/sam.ldb.d/CN\=SCHEMA\,CN\=CONFIGURATION\,DC\=DOMAIN\,DC\=TLD.ldb
uid_searchflags_modification.ldif
Modified 1 records successfully
samba4-dc01:~# ldbsearch -H
/var/lib/samba/private/sam.ldb.d/CN\=SCHEMA\,CN\=CONFIGURATION\,DC\=DOMAIN\,DC\=TLD.ldb
'(cn=uid)' searchflags
# record 1
dn: CN=uid,CN=Schema,CN=Configuration,DC=domain,DC=tld
searchFlags: 8
# returned 1 records
# 1 entries
# 0 referrals
Is this flag modifiable and if yes how to modify it?
If it is not modifiable how to proceed to index uid and others attributes?
Best regards,
Mathias Dufresne
El 07/05/15 a les 11:47, mathias dufresne ha escrit:> Here are the commands and their results: > > samba4-dc01:~# cat uid_searchflags_modification.ldif > dn: CN=uid,CN=Schema,CN=Configuration,DC=domain,DC=tld > changetype: modify > replace: searchFlags > searchFlags: 8 > serachFlags: 47Typo? (searchFlags vs serachFlags) Bye -- Luca Olivetti Wetron Automation Technology http://www.wetron.es Tel. +34 935883004 Fax +34 935883007
On 07/05/15 10:47, mathias dufresne wrote:> Hi all, > > System is Centos 7 and Samba is 4.2.1 sernet version. > > The database contains 120k users and 150k computers. It's size is 3.3GB on > DC01 where the imports were performed and 2.8GB on the second DC. > > I was trying to index uid attribute and I have a strange behaviour. > According to > https://msdn.microsoft.com/en-us/library/ms679765%28v=vs.85%29.aspx it is > the "searchFlags" attribute of "dn: > CN=uid,CN=Schema,CN=Configuration,DC=domain,DC=tld" I have to modify. > > Looking at that attribute on > "sam.ldb.d/CN\=SCHEMA\,CN\=CONFIGURATION\,DC\=DOMAIN\,DC\=TLD.ldb" ldb > file, this attribute is set to 8 which should mean "uid value is not > re-usable" ("Preserve this attribute in the tombstone object for deleted > objects." in MSDN doc). > > I tried to set "searchFlags" to 47, 15, 1 and finally 9. Each time > ldbmodify answered "Modified 1 records successfully" but ldbsearch then > shows this attribute value was not modified. > > Here are the commands and their results: > > samba4-dc01:~# cat uid_searchflags_modification.ldif > dn: CN=uid,CN=Schema,CN=Configuration,DC=domain,DC=tld > changetype: modify > replace: searchFlags > searchFlags: 8 > serachFlags: 47 > > > samba4-dc01:~# ldbmodify -H > /var/lib/samba/private/sam.ldb.d/CN\=SCHEMA\,CN\=CONFIGURATION\,DC\=DOMAIN\,DC\=TLD.ldb > uid_searchflags_modification.ldif > Modified 1 records successfully > > > samba4-dc01:~# ldbsearch -H > /var/lib/samba/private/sam.ldb.d/CN\=SCHEMA\,CN\=CONFIGURATION\,DC\=DOMAIN\,DC\=TLD.ldb > '(cn=uid)' searchflags > # record 1 > dn: CN=uid,CN=Schema,CN=Configuration,DC=domain,DC=tld > searchFlags: 8 > > # returned 1 records > # 1 entries > # 0 referrals > > Is this flag modifiable and if yes how to modify it? > If it is not modifiable how to proceed to index uid and others attributes? > > Best regards, > > Mathias DufresneI don't know why you are trying to do this, but try it like this: dn: CN=uid,CN=Schema,CN=Configuration,DC=domain,DC=tld changetype: modify replace: searchFlags searchFlags: 47 Rowland
Thank you a lot Luca! I was able to change searchFlags using ldbedit command and I can't test right now the ldbmodify tool as samba seems to be indexing it's database (one thread eating 100% CPU for several minute, since I launched a ldbsearch on "uid" field). I'll try without my typo error (thank you again :) the ldbmodify command (to stop telling it doesn't work when the issue was between my keyboard and my chair) and also to tell if this CPU consumption was really due to indexing process. Cheers, mathias 2015-05-07 12:08 GMT+02:00 Luca Olivetti <luca at wetron.es>:> El 07/05/15 a les 11:47, mathias dufresne ha escrit: > > > Here are the commands and their results: > > > > samba4-dc01:~# cat uid_searchflags_modification.ldif > > dn: CN=uid,CN=Schema,CN=Configuration,DC=domain,DC=tld > > changetype: modify > > replace: searchFlags > > searchFlags: 8 > > serachFlags: 47 > > Typo? (searchFlags vs serachFlags) > > Bye > -- > Luca Olivetti > Wetron Automation Technology http://www.wetron.es > Tel. +34 935883004 Fax +34 935883007 > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On Thu, 2015-05-07 at 11:47 +0200, mathias dufresne wrote:> Hi all, > > System is Centos 7 and Samba is 4.2.1 sernet version. > > The database contains 120k users and 150k computers. It's size is 3.3GB on > DC01 where the imports were performed and 2.8GB on the second DC.Wow! That is a very, very large domain!> I was trying to index uid attribute and I have a strange behaviour. > According to > https://msdn.microsoft.com/en-us/library/ms679765%28v=vs.85%29.aspx it is > the "searchFlags" attribute of "dn: > CN=uid,CN=Schema,CN=Configuration,DC=domain,DC=tld" I have to modify. > > Looking at that attribute on > "sam.ldb.d/CN\=SCHEMA\,CN\=CONFIGURATION\,DC\=DOMAIN\,DC\=TLD.ldb" ldb > file, this attribute is set to 8 which should mean "uid value is not > re-usable" ("Preserve this attribute in the tombstone object for deleted > objects." in MSDN doc). > > I tried to set "searchFlags" to 47, 15, 1 and finally 9. Each time > ldbmodify answered "Modified 1 records successfully" but ldbsearch then > shows this attribute value was not modified. > > Here are the commands and their results: > > samba4-dc01:~# cat uid_searchflags_modification.ldif > dn: CN=uid,CN=Schema,CN=Configuration,DC=domain,DC=tld > changetype: modify > replace: searchFlags > searchFlags: 8 > serachFlags: 47 > > > samba4-dc01:~# ldbmodify -H > /var/lib/samba/private/sam.ldb.d/CN\=SCHEMA\,CN\=CONFIGURATION\,DC\=DOMAIN\,DC\=TLD.ldb > uid_searchflags_modification.ldif > Modified 1 records successfullyPlease do not modify the backend database files directly. You need to do all modifications via sam.ldb, because otherwise the modifications will not propagate (using sam.ldb.d files means all the ldb modules, consistency, metadata recording and safety checks are bypassed). I realise this may make things difficult in this particular situation (if the reindex was to happen during the connection, and timeout or such), but I need to emphasise the general rule. Thanks! Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba