Does anyone have any experience with recovering LDAP entries 'accidentally' deleted? I was able to get them by searching for 'nsTombstone' from the server at the point of deletion. I returned the entries, then I wrote a perl script to remove the nsTombstone objectclass, nsUniqueID, & nsParentID, and add the line, changetype:add.
Is there another option?
Has anyone found that the tombstoned data was incomplete?
You can undo ldap deletes this way.
Note however that tombstones are purged on a regular basis so you might not be able to recover every deleted entry.
nsds5replicapurgedelay controls how old the tombstone has to be before it is deleted. By default it is 1 week, so tombstones are removed after 1 week.
nsds5replicatombstonepurgeinterval controls how often the purge thread runs to check for tombstones to be deleted. The default is 1 hour.
Thanks. A week should be an ample amount of time to be alerted when an entry has been accidentally deleted.
In my test environment, I found that as many times as I delete, restore, delete an entry it creates a new tombstone object. Is there a timestamp field I'm not getting back that could be used?
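
An added example, not part of any post in this thread and not the poster's perl script: a Python version of the conversion described in the first post (drop the nsTombstone objectclass, nsUniqueID and nsParentID, add `changetype: add`). It assumes the tombstone DN is the original DN prefixed with an `nsuniqueid=...` RDN and that the parent ID attribute may be spelled nsParentUniqueId, as in 389 Directory Server; the function names and the sample entry are constructed for illustration.

```python
import base64
import re

# Dropped on restore: names from the thread, plus nsParentUniqueId (assumed 389 DS spelling).
DROP_ATTRS = {"nsuniqueid", "nsparentid", "nsparentuniqueid"}
# Assumption: a tombstone DN is the original DN behind an nsuniqueid=... RDN.
TOMBSTONE_RDN = re.compile(r"^nsuniqueid=[^,]+,\s*", re.IGNORECASE)
# Constructed sample of tombstone search output (not real data); the DN is folded.
SAMPLE = """\
dn: nsuniqueid=0a1b2c3d-11111111-22222222-33333333,uid=jdoe,ou=People,dc=exa
 mple,dc=com
objectClass: inetOrgPerson
objectClass: nsTombstone
cn:: SsO2cmcgRG9l
nsUniqueId: 0a1b2c3d-11111111-22222222-33333333
nsParentUniqueId: 0a1b2c3d-44444444-55555555-66666666
"""


def value_of(line):
    """Return (attribute name, text value) of one LDIF line, decoding base64."""
    attr, _, rest = line.partition(":")
    if rest.startswith(":"):
        return attr, base64.b64decode(rest[1:]).decode("utf-8", "replace")
    return attr, rest.strip()


def tombstones_to_add_ldif(ldif_text):
    """Turn tombstone entries into LDIF add records."""
    text = re.sub(r"\r?\n ", "", ldif_text)  # unfold continuation lines
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l for l in block.splitlines() if l and not l.startswith("#")]
        if not lines or not lines[0].lower().startswith("dn:"):
            continue  # skip "version: 1" and other non-entry blocks
        dn = TOMBSTONE_RDN.sub("", value_of(lines[0])[1])
        dn_line = "dn: " + dn if dn.isascii() else "dn:: " + base64.b64encode(dn.encode()).decode()
        out = [dn_line, "changetype: add"]
        for line in lines[1:]:
            attr, value = value_of(line)
            name = attr.split(";")[0].lower()  # ignore attribute options
            if name not in DROP_ATTRS and (name, value.lower()) != ("objectclass", "nstombstone"):
                out.append(line)  # keep the value's original encoding
        records.append("\n".join(out))
    return "\n\n".join(records) + "\n"


if __name__ == "__main__":
    print(tombstones_to_add_ldif(SAMPLE), end="")
```

Review the generated LDIF before loading it, since operational attributes returned by the search are passed through unchanged.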