> On Nov 30, 2021, at 5:24 PM, William Brown <william.brown@suse.com> wrote:
>
>
>
>> On 1 Dec 2021, at 07:26, Morgan Jones <morgan@morganjones.org> wrote:
>>
>>
>> Can anyone provide insight on why the below might be happening, my best guess is a corrupt uniquemember index??
>
> If you add the uniquemember index, but never trigger a reindex, the server treats it as an empty result set until you do a reindex.
>
> So I'd say do a reindex and see if that resolves it.
Understood: we did a full re-index.
Thank you, will do.
-morgan
>
>>
>> I initially tried it as a user which also fails but switched to Directory Manager to rule out an access control issue.
>>
>> We have identical prod, dev, and test environments and I only see this behavior in our production environment.
>>
>> mmacbook:~ morgan$ ldapsearch -LLL -H ldaps://prdds22.domain.org -x -y pass -D cn=directory\ manager -b 'cn=admin,ou=fwmgmt,ou=groups,dc=domain,dc=org' '(&(objectClass=groupofuniquenames)(uniqueMember=*))'
>> mmacbook:~ morgan$ ldapsearch -LLL -H ldaps://prdds22.domain.org -x -y pass -D cn=directory\ manager -b 'cn=admin,ou=fwmgmt,ou=groups,dc=domain,dc=org' '(uniqueMember= groupofuniquenames)'
>> mmacbook:~ morgan$ ldapsearch -LLL -H ldaps://prdds22.domain.org -x -y pass -D cn=directory\ manager -b 'cn=admin,ou=fwmgmt,ou=groups,dc=domain,dc=org' '(objectclass=*)'
>> dn: cn=admin,ou=fwmgmt,ou=groups,dc=domain,dc=org
>> objectClass: top
>> objectClass: groupOfUniqueNames
>> cn: admin
>> uniqueMember: uid=u1,ou=employees,dc=domain,dc=org
>> uniqueMember: uid=u2,ou=employees,dc=domain,dc=org
>> uniqueMember: uid=u3,ou=employees,dc=domain,dc=org
>> description: FW Mgmt group
>>
>> mmacbook:~ morgan$
>>
>>
>>
>> mmacbook:~ morgan$ ldapsearch -x -y ~/Docs/.pass4 -D cn=directory\ manager -LLLb cn=config '(&(objectclass=nsindex)(cn=uniquemember))'
>> dn: cn=uniquemember,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,c
>> n=config
>> objectClass: top
>> objectClass: nsIndex
>> cn: uniquemember
>> nsSystemIndex: false
>> nsIndexType: eq
>>
>> dn: cn=uniquemember,cn=index,cn=NetscapeRoot,cn=ldbm database,cn=plugins,cn=co
>> nfig
>> objectClass: top
>> objectClass: nsIndex
>> cn: uniquemember
>> nsSystemIndex: false
>> nsIndexType: eq
>>
>> dn: cn=uniqueMember,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
>> cn: uniqueMember
>> objectClass: top
>> objectClass: nsIndex
>> nsIndexType: eq
>> nsIndexType: sub
>> nsIndexType: pres
>> nsSystemIndex: false
>>
>> mmacbook:~ morgan$
>>
>>
>> thank you!
>>
>> -morgan
>> _______________________________________________
>> 389-users mailing list -- 389-users@lists.fedoraproject.org
>> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
>> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
>> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
>
> --
> Sincerely,
>
> William Brown
>
> Senior Software Engineer, Identity and Access Management
> SUSE Labs, Australia
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
No comments:
Post a Comment