Good morning Pierre,
We tested something different this time. We created a new root suffix on the same server called dc=oestest,dc=fiu and created a sub suffix ou=testentry,ou=oestest,dc=fiu and still encountered same behavior. Performing the search ldapsearch -D "cn=manager" -W -b cn=config "(objectclass=nsMappingTree)" displayed the test entry having dc=oestest,dc=fiu as the parent suffix.
dn: cn=dc\3Doestest\2Cdc\3Dfiu,cn=mapping tree,cn=config objectClass: top objectClass: extensibleObject objectClass: nsMappingTree cn: dc=oestest,dc=fiu cn: dc=oestest,dc=fiu nsslapd-state: backend nsslapd-backend: testoestest
# ou\3Dtestentry\2Cdc\3Doestest\2Cdc\3Dfiu, mapping tree, config dn: cn=ou\3Dtestentry\2Cdc\3Doestest\2Cdc\3Dfiu,cn=mapping tree,cn=config objectClass: top objectClass: extensibleObject objectClass: nsMappingTree cn: ou=testentry,dc=oestest,dc=fiu cn: ou=testentry,dc=oestest,dc=fiu nsslapd-state: backend nsslapd-backend: testentrydb nsslapd-parent-suffix: dc=oestest,dc=fiu
Using an ldap browser and using the manager account with the base dn of the root suffix only displayed the root suffix and not the subsuffix. Similar behavior was seen when running an ldap search with the -s one parameter. If the ldapsearch was performed with the -s sub parameter, then the OU was displayed.
It seems that with this version subsuffixes on different databases are not displayed and only OUs from the root suffix are displayed. Please advise.
Jason Villarroel Systems Administrator Florida International University Division of Information Technology – Enterprise Systems PC 120 305-348-2687 (Office) 305-348-3686 (Fax)
[cid:image001.png@01D984BC.BBD61D70]https://fiu.service-now.com/sp?id=kb_article&sys_id=dd81ca14db54fa4019f173921f961945 Division of Information Technology staff will never ask for your password. Never email your password or share confidential information in emails.
From: Pierre Rogier progier@redhat.com Sent: Thursday, May 4, 2023 11:02 AM To: General discussion list for the 389 Directory server project. 389-users@lists.fedoraproject.org Subject: [389-users] Re: Subsuffixes not displaying
Note: This message originated from outside the FIU Faculty/Staff email system.
I do not have this behavior on very recent version based on main branch: Instance "supplier1" has been restarted + exec ldapsearch -Q -LLL -Y EXTERNAL -H ldapi://%2fhome%2fprogier%2fsb%2f389%2ftst%2fci-install%2fvar%2frun%2fslapd-supplier1.socket -b cn=config '(objectClass=nsMappingTree)' dn: cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config objectClass: top objectClass: extensibleObject objectClass: nsMappingTree cn: dc=example,dc=com cn: dc=example,dc=com nsslapd-state: backend nsslapd-backend: userroot nsslapd-referral: ldap://linux.home:5556/dc%3Dexample%2Cdc%3Dcom
dn: cn=dc\3Dfoo\2Cdc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config objectClass: top objectClass: extensibleObject objectClass: nsMappingTree cn: dc=foo,dc=example,dc=com cn: dc=foo,dc=example,dc=com nsslapd-state: backend nsslapd-backend: be2 nsslapd-parent-suffix: dc=example,dc=com
+ exec ldapsearch -Q -LLL -Y EXTERNAL -H ldapi://%2fhome%2fprogier%2fsb%2f389%2ftst%2fci-install%2fvar%2frun%2fslapd-supplier1.socket -b dc=example,dc=com dc=foo dn: dc=foo,dc=example,dc=com objectClass: top objectClass: domain dc: foo description: dc=foo,dc=example,dc=com
Using the directory manager account rules out aci issues so I am puzzled. I wonder if it could be specific to the 389-ds-base-2.2.6-2.el8.x86_64 version but I am surprised because the 389ds 2.2.6 version is only a few months old ...
A last point: have you restarted the instance after changing the orphan flags ?
On Thu, May 4, 2023 at 3:55 PM Jason Villarroel <jvillarr@fiu.edumailto:jvillarr@fiu.edu> wrote: Hello Pierre,
We created a new root suffix on one of our DR servers called dc=oestest,dc=fiu and created a sub suffix ou=testentry,ou=oestest,dc=fiu and still encountered same behavior.
Performing the search ldapsearch -D "cn=manager" -W -b cn=config "(objectclass=nsMappingTree)" displayed the test entry having dc=oestest,dc=fiu as the parent suffix.
dn: cn=dc\3Doestest\2Cdc\3Dfiu,cn=mapping tree,cn=config objectClass: top objectClass: extensibleObject objectClass: nsMappingTree cn: dc=oestest,dc=fiu cn: dc=oestest,dc=fiu nsslapd-state: backend nsslapd-backend: testoestest
# ou\3Dtestentry\2Cdc\3Doestest\2Cdc\3Dfiu, mapping tree, config dn: cn=ou\3Dtestentry\2Cdc\3Doestest\2Cdc\3Dfiu,cn=mapping tree,cn=config objectClass: top objectClass: extensibleObject objectClass: nsMappingTree cn: ou=testentry,dc=oestest,dc=fiu cn: ou=testentry,dc=oestest,dc=fiu nsslapd-state: backend nsslapd-backend: testentrydb nsslapd-parent-suffix: dc=oestest,dc=fiu
Using an ldap browser and using the the manager account with the base dn of the root suffix only displayed the root suffix and not the subsuffix. Similar behavior was seen when running an ldap search with the -s one parameter. If the ldapsearch was performed with the -s sub parameter, then the OU was displayed.
It seems that with this version subsuffixes on different databases are not displayed and only OUs from the root suffix are displayed.
Please advise. Thank you.
<Data snipped to compoy to the 100K limit>
-- --
389 Directory Server Development Team _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.orgmailto:389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.orgmailto:389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/https://urldefense.com/v3/__https:/docs.fedoraproject.org/en-US/project/code-of-conduct/__;!!FjuHKAHQs5udqho!JAXfRbyO_LP7LEz0_a44IH8bRm8C719r68v4ud-10ApuEWwq3dC3UGiiZ-W8UFi1x6RsgJ1AjUmjZX9n$ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelineshttps://urldefense.com/v3/__https:/fedoraproject.org/wiki/Mailing_list_guidelines__;!!FjuHKAHQs5udqho!JAXfRbyO_LP7LEz0_a44IH8bRm8C719r68v4ud-10ApuEWwq3dC3UGiiZ-W8UFi1x6RsgJ1AjY9KDD1J$ List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....https://urldefense.com/v3/__https:/lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org__;!!FjuHKAHQs5udqho!JAXfRbyO_LP7LEz0_a44IH8bRm8C719r68v4ud-10ApuEWwq3dC3UGiiZ-W8UFi1x6RsgJ1AjdI-S_Or$ Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issuehttps://urldefense.com/v3/__https:/pagure.io/fedora-infrastructure/new_issue__;!!FjuHKAHQs5udqho!JAXfRbyO_LP7LEz0_a44IH8bRm8C719r68v4ud-10ApuEWwq3dC3UGiiZ-W8UFi1x6RsgJ1AjSOFM7sk$
-- --
389 Directory Server Development Team