Red Hat Training

A Red Hat training course is available for Red Hat Directory Server

9.3. dbscan

The dbscan tool analyzes and extracts information from a Directory Server database file. There are four kinds of database files that can be scanned with dbscan:
  • id2entry.db, the main database file for a user database
  • entryrdn.db for a user database
  • secondary index files for a user database, like cn.db
  • numeric_string.db for the changelog in /var/lib/dirsrv/slapd-instance/changelogdb
See Section 2.2.2, “Database Files” for more information on database files.
Database files use the .db2, .db3, .db4, and .db extensions in their filename, depending on the version of Directory Server.

dbscan -f filename [ options ]



Table 9.3. Common Options

Option Description
-f filename Specifies the name of the database file, the contents of which are to be analyzed and extracted. This option is required.
-R Dump the database as raw data.
-t size Specifies the entry truncate size (in bytes).


The options listed in Table 9.4, “Entry File Options” are meaningful only when the database file is the primary database file, id2entry.db.

Table 9.4. Entry File Options

Option Description
-K entry_id Specifies the entry ID to look up.


The index file options, listed in Table 9.5, “Index File Options ”, are meaningful only when the database file is the secondary index file.

Table 9.5. Index File Options

Option Description
-k key Specifies the key to look up in the secondary index file.
-l size Sets the maximum length of the dumped ID list. The valid range is from 40 to 1048576 bytes. The default value is 4096.
-G n Sets only to display those index entries with ID lists exceeding the specified length.
-n Sets only to display the length of the ID list.
-r Sets to display the contents of the ID list.
-s Gives the summary of index counts.

The following are command-line examples of different situations using dbscan to examine the Directory Server databases.

Example 9.1. Dumping the Entry File

dbscan -f /var/lib/dirsrv/slapd-instance/db/userRoot/id2entry.db

Example 9.2. Displaying the Index Keys in cn.db

dbscan -f /var/lib/dirsrv/slapd-instance/db/userRoot/cn.db

Example 9.3. Displaying the Index Keys and the Count of Entries with the Key in mail.db

# dbscan -r -f /var/lib/dirsrv/slapd-instance/db/userRoot/mail.db

Example 9.4. Displaying the Index Keys and the All IDs with More Than 20 IDs in sn.db

# dbscan -r -G 20 -f /var/lib/dirsrv/slapd-instance/db/userRoot/sn.db

Example 9.5. Displaying the Summary of objectclass.db

# dbscan -s -f /var/lib/dirsrv/slapd-instance/db/userRoot/objectclass.db

Example 9.6. Displaying VLV Index File Contents

# dbscan -r -f /var/lib/dirsrv/slapd-instance/db/userRoot/vlv#bymccoupeopledcpeopledccom.db

Example 9.7. Displaying the Changelog File Contents

# dbscan -f /var/lib/dirsrv/slapd-instance/changelogdb/c1a2fc02-1d11b2-8018afa7-fdce000_424c8a000f00.db

Example 9.8. Dumping the Index File uid.db with Raw Mode

# dbscan -R -f /var/lib/dirsrv/slapd-instance/db/userRoot/uid.db

Example 9.9. Displaying the entryID with the Common Name Key "=hr managers"

In this example, the common name key is =hr managers, and the equals sign (=) means the key is an equality index.
# dbscan -k "=hr managers" -r -f /var/lib/dirsrv/slapd-instance/db/userRoot/cn.db

=hr%20managers 7

Example 9.10. Displaying an Entry with the entry ID of 7

# dbscan -K 7 -f /var/lib/dirsrv/slapd-instance/db/userRoot/id2entry.db 

id 7 dn: cn=HR Managers,ou=groups,dc=example,dc=com
objectClass: top 
objectClass: groupOfUniqueNames 
cn: HR Manager
ou: groups 
description: People who can manage HR entries
creatorsName: cn=Directory Manager 
modifiersName: cn=Directory Manager 
createTimestamp: 20050408230424Z 
modifyTimestamp: 20050408230424Z
nsUniqueId: 8b465f73-1dd211b2-807fd340-d7f40000 parentid: 3
entryid: 7 
entrydn: cn=hr managers,ou=groups,dc=example,dc=com

Example 9.11. Displaying the Contents of entryrdn Index

# dbscan -f /var/lib/dirsrv/slapd-instance/db/userRoot/entryrdn.db -k "dc=example,dc=com"

  ID: 1; RDN: "dc=example,dc=com"; NRDN: "dc=example,dc=com" 
    ID: 2; RDN: "cn=Directory Administrators"; NRDN: "cn=directory administrators" 
2:cn=directory administrators 
    ID: 2; RDN: "cn=Directory Administrators"; NRDN: "cn=directory administrators" 
P2:cn=directory administrators 
    ID: 1; RDN: "dc=example,dc=com"; NRDN: "dc=example,dc=com" 
    ID: 3; RDN: "ou=Groups"; NRDN: "ou=groups" 
    ID: 3; RDN: "ou=Groups"; NRDN: "ou=groups"