<p>Noriko<br>
Thanks for the reply as I mentioned in my previous email I assumed that when I created the sub suffix database for dc=b,dc=example,dc=com it would automaticly add the dn to the database but it doesn't so I manualy added it and it works now.</p>
<p>For clarity that step should be added to the documentation.<br>
The way I figured it out is I just tried to add a new subdomain without adding a sub suffix and I got a warning message saying I may wan to add the sub suffix first</p>
<div class="gmail_quote">On Jul 27, 2012 8:50 PM, "Noriko Hosoi" <<a href="mailto:nhosoi@redhat.com">nhosoi@redhat.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Paul Robert Marino wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello every one<br>
<br>
I have a strange problem Im trying to use 389 server in a large<br>
organization and i have to break the directory into several sub<br>
suffixes or root suffixes.<br>
there is the scenario<br>
I work for Large company A<br>
Large company A owns<br>
1) subsidiary b<br>
2) subsidiary c<br>
3) subsidiary d<br>
<br>
Large company A uses domain <a href="http://example.com" target="_blank">example.com</a><br>
subsidiary b uses domain <a href="http://b.example.com" target="_blank">b.example.com</a><br>
subsidiary c uses domain <a href="http://c.example.com" target="_blank">c.example.com</a><br>
subsidiary d uses domain <a href="http://d.example.com" target="_blank">d.example.com</a><br>
<br>
<br>
I would like to separate each of the subsidiaries into their own sub<br>
suffix partially because of security reasons also to minimize unneeded<br>
replication for local read only slaves at the subsidiary sites, and I<br>
would also like the administrator at each subsidiary to have the<br>
option of manage their own users or having the administrators at the<br>
parent company do it for them.<br>
<br>
now creating the sub suffix with its own database is fairly well<br>
documented and works well with ou's but doesn't seem to work with<br>
dc's<br>
if i create the new suffix as a dc and go into the users and groups in<br>
the console and try to add a user to the new dc it wont let me. if i<br>
use the Users drop down menu and try to change directory and set the<br>
base to the new dc (e.g. dc=b,dc=example,dc=com) it tells me the dc<br>
isn't valid<br>
<br>
I also tried creating a root suffix and ran into the same problem so<br>
what am i missing?<br>
Is there some initial database population step I didn't see in the<br>
documentation or do i need to setup some ACIs or what?<br>
</blockquote>
There should not be any problem to create sub suffix starting with "dc".<br>
$ ldapsearch -LLLx [...] -b "dc=example,dc=com" dn<br>
dn: dc=example,dc=com<br>
dn: dc=B,dc=example,dc=com<br>
dn: dc=C,dc=example,dc=com<br>
dn: dc=D,dc=example,dc=com<br>
<br>
I put dc=B in Broot, dc=C in Croot, and dc=D in Droot.<br>
$ ls /var/lib/dirsrv/slapd-ID/db<br>
Broot/ DBVERSION NetscapeRoot/ __db.002 __db.004 __db.006 userRoot/<br>
Croot/ Droot/ __db.001 __db.003 __db.005 log.0000000001<br>
<br>
Do you see any errors in the error log?<br>
/var/log/dirsrv/slapd-ID/<u></u>errors<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
--<br>
389 users mailing list<br>
<a href="mailto:389-users@lists.fedoraproject.org" target="_blank">389-users@lists.fedoraproject.<u></u>org</a><br>
<a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.<u></u>org/mailman/listinfo/389-users</a><br>
</blockquote>
<br>
<br>
--<br>
389 users mailing list<br>
<a href="mailto:389-users@lists.fedoraproject.org" target="_blank">389-users@lists.fedoraproject.<u></u>org</a><br>
<a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.<u></u>org/mailman/listinfo/389-users</a></blockquote></div>