2 Replies Latest reply on Apr 12, 2013 7:06 PM by pgrFrank

    nsTombstone object recovery

      Does anyone have any experience with recovering LDAP entries 'accidently' deleted? I was able to get them by searching for 'nsTombstone' from the server at the point of deletion. I returned the entries, then I wrote a perl script to remove the nsTombstone objectclass, nsUniqueID, & nsParentID, and add the line, changetype:add.
      Is there another option?
      Has anyone found that the tombstoned data was incomplete?
        • 1. Re: nsTombstone object recovery
          Sylvain Duloutre-Oracle

          You can undo ldap deletes this way.

          Note however that tombstones are purged on a regular basis so you might not be able to recover every deleted entry.

          nsds5replicapurgedelay controls how old the tombstone has to be before it is deleted. By default it is 1 week, so tombestones are remove after 1 week.
          nsds5replicatombstonepurgeinterval controls how often the purge thread runs to check for tombstones to be deleted. The default is 1 hour.

          • 2. Re: nsTombstone object recovery
            Thanks. A week should be ample amount of time to be alerted when an entry has been accidently deleted.
            In my test environment, i found that as many times as I delete, restore, delete an entry it creates a new tombstone object. Is there a timestamp field I'm not getting back that could be used?