.. Reminder for header structure:
   Parts (H1)          : #################### with overline
   Chapters (H2)       : ******************** with overline
   Sections (H3)       : ====================
   Subsections (H4)    : --------------------
   Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^
   Paragraphs (H6)     : """""""""""""""""""""

.. |date| date::

.. meta::
   :description: Switching from TDB storage to LMDB storage
   :keywords: Documentation, Samba-AD, tdb, large database

.. _samba_ad_tdb_to_lmdb:

##########################################
Switching from TDB storage to LMDB storage
##########################################

As of Samba 4.9 the domain controller can be configured to store its data in :abbr:`LMDB (Lightning Memory-Mapped Database)` format instead of :abbr:`TDB (Trivial Database)` format.

TDB is a 32-bit key/value library, which limits the size of the database to 4GB.

To get around this limitation, the Samba project has developed a new storage *backend* based on the LMDB library, which is both 32-bit and 64-bit compatible and therefore raises this limit. The LMDB library was developed within the OpenLDAP project.

If you plan to store large objects (photos, etc.) or if the Active Directory will contain many users (100k and more), it is preferable to change the storage mode to LMDB.

There is currently no way to directly convert a TDB database to LMDB. To convert a domain controller to LMDB, it is necessary to *demote* it and join it back to the domain.

******************************************
Switching a domain controller to LMDB mode
******************************************

.. note::

   In the documentation below we assume that the different machines have been installed following the recommendations given in this documentation, notably those on the configuration :ref:`DNS for RedHat8 and derived distributions `, or :ref:`DNS for Debian `, and :ref:`krb5.conf for RedHat8 and derived distributions ` or :ref:`krb5.conf for Debian `.

.. note::

   Check beforehand that the domain controller does not hold any FSMO roles; otherwise, move the FSMO roles to another domain controller before switching to LMDB.

In the documentation below, we call *srvads-lmdb* the AD server to switch to LMDB.

* On the TDB domain controller to be switched to LMDB, save the database and turn off Samba:

  .. code-block:: bash

     yum install lmdb
     # confirm this DC holds no FSMO role before going further
     samba-tool fsmo show
     systemctl stop samba
     # back up the existing TDB data, then clear it for the new join
     rsync -aPAX /var/lib/samba /root/samba_backup_20191107/
     rm -Rf /var/lib/samba/*
     mkdir /var/lib/samba/private

* On the FSMO PDC domain controller, start the *demotion* of the domain controller to be switched:

  .. code-block:: bash

     samba-tool domain demote --remove-other-dead-server=srvads-lmdb

* Ensure that the :command:`demote` has been propagated to all other domain controllers. To do this, you can run the command on all the controllers with your favorite automation tool:

  .. code-block:: bash

     ldbsearch -H /var/lib/samba/private/sam.ldb 'cn=srvads-lmdb'

* Once the deletion has been propagated to all domain controllers, the domain controller can be re-joined in *LMDB* mode. When joining, the size of the LMDB database can be changed with the parameter ``--backend-store-size``, here set to 16GB (the default value is 8GB):

  .. code-block:: bash

     samba-tool domain join mydomain.lan DC -U administrator --realm=MYDOMAIN.LAN -W MYDOMAIN --backend-store=mdb --backend-store-size=16Gb
     systemctl restart samba
     # update DNS records, then run the KCC
     samba_dnsupdate --verbose
     samba_kcc
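
The propagation check above can be scripted so that the re-join only proceeds when every remaining controller reports the demoted server's objects gone. This is an added example, not code from the Samba project or the original page; the ssh-as-root transport and the controller host names passed on the command line are assumptions.

```bash
#!/bin/bash
# Added example, not from the Samba project. Transport (ssh as root) and the
# DC host names given on the command line are assumptions.

DC_NAME="srvads-lmdb"                      # demoted DC, name used on this page
SAM_LDB="/var/lib/samba/private/sam.ldb"   # path used on this page

# Run the page's ldbsearch on one remote DC and print its raw output.
query_dc() {
    ssh -o BatchMode=yes "root@$1" "ldbsearch -H $SAM_LDB 'cn=$DC_NAME'" 2>/dev/null
}

# Read ldbsearch output on stdin and print the number of matching entries.
# The "# returned N records" line also counts referrals, so the separate
# "# N entries" line is used. Prints -1 when no summary is present, so a
# failed or empty query is never mistaken for "object gone".
ldb_entry_count() {
    awk '/^# [0-9]+ entries$/ { n = $2; found = 1 }
         END { print (found ? n : -1) }'
}

# Return 0 only if every listed DC answered and reported zero entries.
demote_propagated() {
    local rc=0 host count
    for host in "$@"; do
        count=$(query_dc "$host" | ldb_entry_count)
        if [ "$count" -eq 0 ]; then
            echo "$host: $DC_NAME no longer present"
        elif [ "$count" -gt 0 ]; then
            echo "$host: $DC_NAME still present ($count entries), wait for replication"
            rc=1
        else
            echo "$host: query failed, state unknown"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: ./check_demote.sh dc1.mydomain.lan dc2.mydomain.lan
if [ "$#" -gt 0 ]; then
    demote_propagated "$@"
fi
```

An unreachable controller is reported as unknown rather than clean, so the script exits non-zero until every controller has actually been queried.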