This discussion is archived
2 Replies Latest reply: Apr 12, 2013 12:06 PM by pgrFrank RSS

nsTombstone object recovery

pgrFrank Newbie
Currently Being Moderated
Does anyone have any experience with recovering LDAP entries 'accidently' deleted? I was able to get them by searching for 'nsTombstone' from the server at the point of deletion. I returned the entries, then I wrote a perl script to remove the nsTombstone objectclass, nsUniqueID, & nsParentID, and add the line, changetype:add.
Is there another option?
Has anyone found that the tombstoned data was incomplete?
  • 1. Re: nsTombstone object recovery
    Sylvain Duloutre Pro
    Currently Being Moderated

    You can undo ldap deletes this way.

    Note however that tombstones are purged on a regular basis so you might not be able to recover every deleted entry.

    nsds5replicapurgedelay controls how old the tombstone has to be before it is deleted. By default it is 1 week, so tombestones are remove after 1 week.
    nsds5replicatombstonepurgeinterval controls how often the purge thread runs to check for tombstones to be deleted. The default is 1 hour.

  • 2. Re: nsTombstone object recovery
    pgrFrank Newbie
    Currently Being Moderated
    Thanks. A week should be ample amount of time to be alerted when an entry has been accidently deleted.
    In my test environment, i found that as many times as I delete, restore, delete an entry it creates a new tombstone object. Is there a timestamp field I'm not getting back that could be used?


  • Correct Answers - 10 points
  • Helpful Answers - 5 points