When I back up my directory server, I see a bunch of entries in the resulting LDIF which only include the RDN rather than the full DN. Here is one example:
# entry-id: 3
dn: ou=Groups
nsUniqueId: 59ac5a03-1dce11ee-ae5b886f-9de8b2ea
objectClass: top
objectClass: organizationalunit
ou: Groups
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20230708203145Z
modifyTimestamp: 20230708203145Z
I can't find that entry when I search for its nsUniqueId. Restoring the LDIF to a new DS on a fresh OS install must put the entries in there, as they show up in the new system's backups; but ldapsearch can't find them and affected user accounts are unusable. The command I'm using for the backup is:
/usr/sbin/dsconf -D "$bind_dn" -y $pass_file ldap://localhost backend export -l $ldif_file userRoot
The command for restores is likewise:
/usr/sbin/dsconf -vvv -D "$bind_dn" -y $pass_file ldap://localhost backend import userRoot $ldif_file
We loop checking the status of the import task, and when it has completed run a reindex.
The LDIF file has 16,000 entries: 10000 with "good" DNs and 6000 with "bad" DNs:
$ grep "^dn:" userRoot-latest.ldif | grep ',' | wc -l
9953
$ grep "^dn:" userRoot-latest.ldif | grep -v ',' | wc -l
5957
My system is running Rocky Linux 8.10 with 389-ds-base-2.0.15-1.module_el8+14185+adb3f555.x86_64. Anyone have any idea what's going on, and how I might fix it? Have I missed something in the documentation?
Thanks,
James
This email and any attachments are intended solely for the use of the individual or entity to whom it is addressed and may be confidential and/or privileged.
If you are not one of the named recipients or have received this email in error,
(i) you should not read, disclose, or copy it,
(ii) please notify sender of your receipt by reply email and delete this email and all attachments,
(iii) Dassault Systèmes does not accept or assume any liability or responsibility for any use of or reliance on this email.
Please be informed that your personal data are processed according to our data privacy policy as described on our website. Should you have any questions related to personal data protection, please contact 3DS Data Protection Officer https://www.3ds.com/privacy-policy/contact/
No comments:
Post a Comment