Hi Marc,

This is 389-ds-base-1.3.7.5-28.el7_5.x86_64.

# grep number,cn=index /etc/dirsrv/slapd-example/dse.ldif
dn: cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
dn: cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config

I double-checked that I'd set up an equality index, not just presence, and made sure that the index was generated.

# grep -i index /var/log/messages
Apr 13 13:31:44 example ns-slapd: [13/Apr/2020:13:31:44.909683777 -0400] - INFO - ldbm_back_ldbm2index - userRoot: Indexing attribute: uidnumber
Apr 13 13:31:47 example ns-slapd: [13/Apr/2020:13:31:47.011917422 -0400] - INFO - ldbm_back_ldbm2index - userRoot: Indexed 1000 entries (54%).
Apr 13 13:31:47 example ns-slapd: [13/Apr/2020:13:31:47.756062336 -0400] - INFO - ldbm_back_ldbm2index - userRoot: Indexed 2000 entries (72%).
Apr 13 13:31:48 example ns-slapd: [13/Apr/2020:13:31:48.844133042 -0400] - INFO - ldbm_back_ldbm2index - userRoot: Indexed 3000 entries (74%).
Apr 13 13:31:50 example ns-slapd: [13/Apr/2020:13:31:50.152982540 -0400] - INFO - ldbm_back_ldbm2index - userRoot: Indexed 4000 entries (77%).
Apr 13 13:31:51 example ns-slapd: [13/Apr/2020:13:31:51.199900578 -0400] - INFO - ldbm_back_ldbm2index - userRoot: Indexed 5000 entries (79%).
Apr 13 13:31:52 example ns-slapd: [13/Apr/2020:13:31:52.271669854 -0400] - INFO - ldbm_back_ldbm2index - userRoot: Indexed 6000 entries (81%).
Apr 13 13:31:53 example ns-slapd: [13/Apr/2020:13:31:53.397852294 -0400] - INFO - ldbm_back_ldbm2index - userRoot: Indexed 7000 entries (83%).
Apr 13 13:31:54 example ns-slapd: [13/Apr/2020:13:31:54.446263984 -0400] - INFO - ldbm_back_ldbm2index - userRoot: Indexed 8000 entries (86%).
Apr 13 13:31:55 example ns-slapd: [13/Apr/2020:13:31:55.569704807 -0400] - INFO - ldbm_back_ldbm2index - userRoot: Indexed 9000 entries (88%).
Apr 13 13:31:56 example ns-slapd: [13/Apr/2020:13:31:56.610690562 -0400] - INFO - ldbm_back_ldbm2index - userRoot: Indexed 10000 entries (90%).
Apr 13 13:31:57 example ns-slapd: [13/Apr/2020:13:31:57.642493349 -0400] - INFO - ldbm_back_ldbm2index - userRoot: Indexed 11000 entries (92%).
Apr 13 13:31:58 example ns-slapd: [13/Apr/2020:13:31:58.807418354 -0400] - INFO - ldbm_back_ldbm2index - userRoot: Indexed 12000 entries (95%).
Apr 13 13:31:59 example ns-slapd: [13/Apr/2020:13:31:59.487828428 -0400] - INFO - ldbm_back_ldbm2index - userRoot: Indexed 13000 entries (97%).

Best regards,
James Chamberlain
SIMULIA Cloud Operations, Networking & Security

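Added example, not part of the original thread and not 389-ds code: a small Python check for the condition discussed in this thread, that each attribute the DNA plugin manages (`dnaType`) has an equality index with `nsMatchingRule: integerOrderingMatch`, read from the `nsIndexType` and `nsMatchingRule` values of the index entries rather than only their `dn:` lines. The dse.ldif fragment is constructed, the function names are hypothetical, and base64-encoded (`attr::`) values are not decoded.

```python
# Constructed dse.ldif fragment for illustration; not taken from the thread.
SAMPLE_DSE = """\
dn: cn=UID numbers,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
dnaType: uidNumber

dn: cn=GID numbers,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
dnaType: gidNumber

dn: cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
nsIndexType: eq
nsMatchingRule: integerOrderingMatch

dn: cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=co
 nfig
nsIndexType: pres
"""

def parse_ldif(text):
    """Return entries as dicts of lower-cased attribute -> list of values."""
    entries = []
    # A line starting with one space continues the previous line (LDIF folding).
    for block in text.replace("\n ", "").split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def check_dna_indexes(text, backend="userRoot"):
    """Map each dnaType attribute to its index problems (empty list means OK)."""
    entries = parse_ldif(text)
    suffix = f",cn=index,cn={backend},cn=ldbm database,cn=plugins,cn=config".lower()
    indexes = {e["dn"][0].lower()[3:-len(suffix)]: e
               for e in entries if e["dn"][0].lower().endswith(suffix)}
    report = {}
    for attr in (a for e in entries for a in e.get("dnatype", [])):
        idx = indexes.get(attr.lower())
        problems = [] if idx else ["no index entry"]
        if idx and "eq" not in [v.lower() for v in idx.get("nsindextype", [])]:
            problems.append("no equality (eq) index")
        if idx and "integerorderingmatch" not in [v.lower() for v in idx.get("nsmatchingrule", [])]:
            problems.append("nsMatchingRule integerOrderingMatch missing")
        report[attr] = problems
    return report

print(check_dna_indexes(SAMPLE_DSE))
```
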
> On Apr 13, 2020, at 3:01 PM, Marc Sauton <msauton@redhat.com> wrote:
>
> verify there is an equality index for uidnumber and gidnumber, not just presence, in the entries
> dn: cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
> dn: cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
> which version of 389-ds-base is this about?
> Thanks,
> M.
>
> On Mon, Apr 13, 2020 at 11:42 AM CHAMBERLAIN James <James.CHAMBERLAIN@3ds.com> wrote:
> Hi Mark,
>
> Thanks for getting back to me. After adjusting nsslapd-errorlog-level, here's what I've got.
>
> # grep dna-plugin /var/log/dirsrv/slapd-example/errors
> [13/Apr/2020:14:30:00.480608036 -0400] - DEBUG - dna-plugin - _dna_pre_op_add - dn does not match filter
> [13/Apr/2020:14:30:00.486700059 -0400] - DEBUG - dna-plugin - _dna_pre_op_add - adding uidNumber to uid=testuser1,ou=People,dc=example,dc=com as -2
> [13/Apr/2020:14:30:00.559245389 -0400] - DEBUG - dna-plugin - _dna_pre_op_add - retrieved value 0 ret 1
> [13/Apr/2020:14:30:00.561303217 -0400] - ERR - dna-plugin - _dna_pre_op_add - Failed to allocate a new ID!! 2
> [13/Apr/2020:14:30:00.571360868 -0400] - DEBUG - dna-plugin - dna_pre_op - Operation failure [1]
>
> And here's the DNA config:
>
> dn: cn=UID numbers,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
> objectClass: top
> objectClass: extensibleObject
> cn: UID numbers
> dnaType: uidNumber
> dnamaxvalue: 100000
> dnamagicregen: 0
> dnafilter: (objectclass=posixAccount)
> dnascope: dc=example,dc=com
> dnanextvalue: 25000
>
> dn: cn=GID numbers,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
> objectClass: top
> objectClass: extensibleObject
> cn: GID numbers
> dnaType: gidNumber
> dnamaxvalue: 100000
> dnamagicregen: 0
> dnafilter: (objectclass=posixGroup)
> dnascope: dc=example,dc=com
> dnanextvalue: 25000
>
> Best regards,
>
> James
>
>
> > On Apr 13, 2020, at 2:25 PM, Mark Reynolds <mreynolds@redhat.com> wrote:
> >
> > Enabling plugin logging will provide a little more detail about what is going wrong:
> >
> > ldapmodify -D "cn=directory manager" -W
> > dn: cn=config
> > changetype: modify
> > replace: nsslapd-errorlog-level
> > nsslapd-errorlog-level: 65536
> >
> >
> > After running the test you can disable the debug plugin logging by setting the log level to zero.
> >
> > Then share what information is logged when you add a new user. This is most likely a configuration error, so hopefully we can find out what went wrong in your setup. Can you also provide the DNA config entries?
> >
> > Thanks,
> >
> > Mark
> >
> > On 4/13/20 1:50 PM, CHAMBERLAIN James wrote:
> >> Hi all,
> >>
> >> I'm trying to use the DNA plugin to add uidNumbers on posixAccounts. Everything worked fine in testing, but now that it's in production I'm seeing the following error:
> >>
> >> ERR - dna-plugin -_dna_pre_op_add - Failed to allocate a new ID!! 2
> >>
> >> I've followed the advice in the knowledge base (https://access.redhat.com/solutions/875133), about adding an equality index with an nsMatchingRule of integerOrderingMatch, but have not seen any difference in the server's behavior. Any ideas what I should try next?
> >>
> >> Thanks,
> >>
> >> James
> >> This email and any attachments are intended solely for the use of the individual or entity to whom it is addressed and may be confidential and/or privileged.
> >> If you are not one of the named recipients or have received this email in error,
> >> (i) you should not read, disclose, or copy it,
> >> (ii) please notify sender of your receipt by reply email and delete this email and all attachments,
> >> (iii) Dassault Systèmes does not accept or assume any liability or responsibility for any use of or reliance on this email.
> >>
> >> Please be informed that your personal data are processed according to our data privacy policy as described on our website. Should you have any questions related to personal data protection, please contact 3DS Data Protection Officer at 3DS.compliance-privacy@3ds.com
> >>
> >> For other languages, go to https://www.3ds.com/terms/email-disclaimer
> >>
> >>
> >> _______________________________________________
> >> 389-users mailing list --
> >> 389-users@lists.fedoraproject.org
> >>
> >> To unsubscribe send an email to
> >> 389-users-leave@lists.fedoraproject.org
> >>
> >> Fedora Code of Conduct:
> >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> >>
> >> List Guidelines:
> >> https://fedoraproject.org/wiki/Mailing_list_guidelines
> >>
> >> List Archives:
> >> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> > --
> >
> > 389 Directory Server Development Team
> >
>