Most tombstones will have their name mangled for deletion e.g. [1] CN=<RDN>\0ADEL:<GUID> and are moved to the “Deleted Objects” container if such exists [2] in the NC the object resides in and if it doesn’t have the DISALLOW_MOVE_ON_DELETE flag.
[2] All NCs except the Schema NC have “Deleted Objects” containers by default – but trust me they can get removed themselves J
The case I’m looking for here is when an object deletion acutely bypasses the requirement to transit to the intermediate state of being a tombstone, deleted object or recycled object before it tries to get physically deleted from the database.
Okay one case to cause this is: Object instanced with the auxiliary class dynamic Object e.g.:
dn: cn=Christoffer Andersson,cn=ESEDEV,DC=ADAM,DC=chrisse,DC=com
changetype: add
objectClass: user
objectClass: dynamicObject
entryTTL: 900
Dynamic objects never transit thru the state of being a tombstone, deleted object or recycled object, they get physically removed once their TTL expires by the garbage collector, however if there is other objects referring to them e.g.
[3] Let’s create an object referencing the dynamic object.
dn: cn=OtherObject,cn=ESEDEV,DC=ADAM,DC=chrisse,DC=com
changetype: add
objectClass: user
seeAlso: cn=Christoffer Andersson,cn=ESEDEV,DC=ADAM,DC=chrisse,DC=com
900 (15min passes) and “cn=Christoffer Andersson,cn=ESEDEV,DC=ADAM,DC=chrisse,DC=com” is about to being physically deleted by the garbage collector, But it’s not cause someone else reference it [3], so it’s rather converted to a (none-object) phantom without being either RDN managed for deletion [1] or moved to the “Deleted Objects” container and it will be stuck here as long as cn=OtherObject,cn=ESEDEV,DC=ADAM,DC=chrisse,DC=com reference it by seeAlso.
Now create an new object named : “cn=Christoffer Andersson,cn=ESEDEV,DC=ADAM,DC=chrisse,DC=com” e.g.:
dn: cn=Christoffer Andersson,cn=ESEDEV,DC=ADAM,DC=chrisse,DC=com
changetype: add
objectClass: user
The phantom will now become CNF mangled, to give room for the new real object that request the same RDN.
e.g. “cn=Christoffer Andersson\0ACNF:<GUID>,cn=ESEDEV,DC=ADAM,DC=chrisse,DC=com”
Bonus to those who know and can list in the comments – the attributes of “cn=Christoffer Andersson\0ACNF:<GUID>,cn=ESEDEV,DC=ADAM,DC=chrisse,DC=com” that are still left one the phantom (e.g. those who survived the translation from a real object to a (none-object)) – that’s all!