Friday, May 12, 2023

[389-users] Re: Subsuffixes not displaying

Good morning Pierre,

 

We tested something different this time.

We created a new root suffix on the same server called dc=oestest,dc=fiu and created a sub suffix ou=testentry,ou=oestest,dc=fiu and still encountered same behavior.

Performing the search ldapsearch -D "cn=manager" -W -b cn=config "(objectclass=nsMappingTree)" displayed the test entry having dc=oestest,dc=fiu as the parent suffix.

 

dn: cn=dc\3Doestest\2Cdc\3Dfiu,cn=mapping tree,cn=config

objectClass: top

objectClass: extensibleObject

objectClass: nsMappingTree

cn: dc=oestest,dc=fiu

cn: dc\=oestest\,dc\=fiu

nsslapd-state: backend

nsslapd-backend: testoestest

 

 

# ou\3Dtestentry\2Cdc\3Doestest\2Cdc\3Dfiu, mapping tree, config

dn: cn=ou\3Dtestentry\2Cdc\3Doestest\2Cdc\3Dfiu,cn=mapping tree,cn=config

objectClass: top

objectClass: extensibleObject

objectClass: nsMappingTree

cn: ou=testentry,dc=oestest,dc=fiu

cn: ou\=testentry\,dc\=oestest\,dc\=fiu

nsslapd-state: backend

nsslapd-backend: testentrydb

nsslapd-parent-suffix: dc=oestest,dc=fiu

 

 

Using an ldap browser and using the  manager account with the base dn of the root suffix only displayed the root suffix and not the subsuffix. Similar behavior was seen when running an ldap search with the -s one parameter.  If the ldapsearch was performed with the -s sub parameter, then the OU was displayed. 

 

It seems that with this version subsuffixes on different databases are not displayed and only OUs from the root suffix are displayed.

Please advise.

 

 

 

 

Jason Villarroel

Systems Administrator

Florida International University

Division of Information Technology – Enterprise Systems

PC 120

305-348-2687 (Office)

305-348-3686 (Fax)

 

Division of Information Technology staff will never ask for your password.

Never email your password or share confidential information in emails.

 

 

 

 

From: Pierre Rogier <progier@redhat.com>
Sent: Thursday, May 4, 2023 11:02 AM
To: General discussion list for the 389 Directory server project. <389-users@lists.fedoraproject.org>
Subject: [389-users] Re: Subsuffixes not displaying

 

Note: This message originated from outside the FIU Faculty/Staff email system.

 

I do not have this behavior on very recent version based on main branch:
Instance "supplier1" has been restarted
+ exec ldapsearch -Q -LLL -Y EXTERNAL -H ldapi://%2fhome%2fprogier%2fsb%2f389%2ftst%2fci-install%2fvar%2frun%2fslapd-supplier1.socket -b cn=config '(objectClass=nsMappingTree)'
dn: cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: dc=example,dc=com
cn: dc\=example\,dc\=com
nsslapd-state: backend
nsslapd-backend: userroot
nsslapd-referral: ldap://linux.home:5556/dc%3Dexample%2Cdc%3Dcom

dn: cn=dc\3Dfoo\2Cdc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: dc=foo,dc=example,dc=com
cn: dc\=foo\,dc\=example\,dc\=com
nsslapd-state: backend
nsslapd-backend: be2
nsslapd-parent-suffix: dc=example,dc=com

+ exec ldapsearch -Q -LLL -Y EXTERNAL -H ldapi://%2fhome%2fprogier%2fsb%2f389%2ftst%2fci-install%2fvar%2frun%2fslapd-supplier1.socket -b dc=example,dc=com dc=foo
dn: dc=foo,dc=example,dc=com
objectClass: top
objectClass: domain
dc: foo
description: dc=foo,dc=example,dc=com

Using the directory manager account rules out aci  issues so I am puzzled. 
I wonder if it could be specific to the 389-ds-base-2.2.6-2.el8.x86_64 version
 but I am surprised because the 389ds 2.2.6 version is only a few months old ...

A last point: have you restarted the instance after changing the orphan flags ? 

 

On Thu, May 4, 2023 at 3:55 PM Jason Villarroel <jvillarr@fiu.edu> wrote:

Hello Pierre,

 

We created a new root suffix on one of our DR servers called dc=oestest,dc=fiu and created a sub suffix ou=testentry,ou=oestest,dc=fiu and still encountered same behavior.

 

Performing the search ldapsearch -D "cn=manager" -W -b cn=config "(objectclass=nsMappingTree)" displayed the test entry having dc=oestest,dc=fiu as the parent suffix.

 

dn: cn=dc\3Doestest\2Cdc\3Dfiu,cn=mapping tree,cn=config

objectClass: top

objectClass: extensibleObject

objectClass: nsMappingTree

cn: dc=oestest,dc=fiu

cn: dc\=oestest\,dc\=fiu

nsslapd-state: backend

nsslapd-backend: testoestest

 

 

# ou\3Dtestentry\2Cdc\3Doestest\2Cdc\3Dfiu, mapping tree, config

dn: cn=ou\3Dtestentry\2Cdc\3Doestest\2Cdc\3Dfiu,cn=mapping tree,cn=config

objectClass: top

objectClass: extensibleObject

objectClass: nsMappingTree

cn: ou=testentry,dc=oestest,dc=fiu

cn: ou\=testentry\,dc\=oestest\,dc\=fiu

nsslapd-state: backend

nsslapd-backend: testentrydb

nsslapd-parent-suffix: dc=oestest,dc=fiu

 

Using an ldap browser and using the the manager account with the base dn of the root suffix only displayed the root suffix and not the subsuffix. Similar behavior was seen when running an ldap search with the -s one parameter.  If the ldapsearch was performed with the -s sub parameter, then the OU was displayed. 

 

It seems that with this version subsuffixes on different databases are not displayed and only OUs from the root suffix are displayed.

 

Please advise.

Thank you.

 

<Data snipped to compoy to the 100K limit>

 

--

--

389 Directory Server Development Team

_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue


 

--

--

389 Directory Server Development Team

No comments:

Post a Comment