> On 27. Oct 2023, at 11.53, Kees van Vloten via samba <samba at lists.samba.org> wrote:
>
>
> Op 27-10-2023 om 10:32 schreef Perttu Aaltonen via samba:
>>> On 26. Oct 2023, at 17.49, Rowland Penny via samba <samba at lists.samba.org> wrote:
>>>
>>> On Thu, 26 Oct 2023 17:02:34 +0300
>>> Perttu Aaltonen via samba <samba at lists.samba.org> wrote:
>>>
>>>> Quick question. Can the LDB tools that modify the database files
>>>> directly be used without stopping Samba DC? Specifically ldbmodify?
>>> No problem, also you can use the machine password '-P' for most searches
>>>
>>>> What about when there are more than one DC? Anything to take into
>>>> account or best practices?
>>> The better question would be, 'What if there are multiple sysadmins ?',
>>> you should always have more than one DC.
>>>
>>> With multiple sysadmins, you could get 'collisions', especially if they
>>> try to change the same object on different DCs, so best practice would
>>> be to always do any changes on one DC (Usually the one holding the
>>> PDC_Emulator FSMO role).
>>>
>>> Rowland
>>>
>> Thanks Rowland. Now to write a ldbmodify script...
>
> Probably something like this:
>
> cat << EOF > ldbmod
> dn: <DN TO CHANGE>
> changetype: modify
> replace: <ATTR TO CHANGE>
> <ATTR TO CHANGE>: <NEW VALUE FOR THE ATTR>
> EOF
> ldbmodify -H /var/lib/samba/private/sam.ldb ldbmod
>
> - Kees.
>
Indeed, that is something like I'm going to do. The only thing I'm wondering
about, not having tested it yet, is how does it behave if there's already an
attribute with the same content? I want to add the mail attribute to each DN,
but some might already have it. So if I use 'add' will it just error out or will
it add it a second time?
In that case I'll check first to see if the addition is required.
-Perttu
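
One way to do the "check first" step mentioned above, as an added example that is not part of the thread: a filter that reads ldbsearch-style LDIF and writes `add: mail` records only for entries with no mail value. The function names, the sample records and the `sAMAccountName@DOMAIN` address scheme are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: emit "add: mail" records only for
# entries that have no mail value. Assumption: address = sAMAccountName@DOMAIN.
gen_mail_ldif() {   # usage: gen_mail_ldif DOMAIN < search.ldif
    awk -v domain="$1" '
    function handle(line,    key) {
        if (line == "") { flush(); return }       # blank line ends a record
        if (line ~ /^#/) return                   # ldbsearch comment lines
        key = tolower(substr(line, 1, index(line, ":")))
        if (key == "dn:") dn = line               # kept verbatim (dn: or dn::)
        else if (key == "mail:") has_mail = 1
        else if (key == "samaccountname:") {
            if (line ~ /^[^:]*:: /) b64 = 1       # base64 value: skip entry
            else sam = substr(line, index(line, ":") + 2)
        }
    }
    function flush() {
        if (dn != "" && b64)
            print "skipped, base64 sAMAccountName: " dn > "/dev/stderr"
        else if (dn != "" && sam != "" && !has_mail)
            printf "%s\nchangetype: modify\nadd: mail\nmail: %s@%s\n\n", dn, sam, domain
        dn = ""; sam = ""; has_mail = 0; b64 = 0
    }
    /^ / { cur = cur substr($0, 2); next }        # unfold a continuation line
    { if (NR > 1) handle(cur); cur = $0 }
    END { if (NR > 0) handle(cur); flush() }
    '
}

sample_ldif() {     # constructed input in ldbsearch output style
    cat <<'EOF'
# record 1
dn: CN=Alice Example,CN=Users,DC=samdom,DC=example,DC=com
sAMAccountName: alice
mail: alice@example.com

# record 2
dn: CN=Bob Example With A Deliberately Long Common Name,OU=Staff,DC=samdom,
 DC=example,DC=com
sAMAccountName: bob

# returned 2 records
EOF
}

sample_ldif | gen_mail_ldif example.com
```

On a DC the input would come from `ldbsearch -H /var/lib/samba/private/sam.ldb '<FILTER>' sAMAccountName mail`, and the resulting file is passed to `ldbmodify` as in the quoted snippet.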