[389-users] Question about users and groups in sub suffixes

Paul Robert Marino prmarino1 at gmail.com
Sat Jul 28 01:48:22 UTC 2012


Noriko,

Thanks for the reply. As I mentioned in my previous email, I assumed that
when I created the sub suffix database for dc=b,dc=example,dc=com it would
automatically add the dn to the database, but it doesn't, so I manually
added it and it works now.

For clarity that step should be added to the documentation.
The way I figured it out is I just tried to add a new subdomain without
adding a sub suffix and I got a warning message saying I may want to add the
sub suffix first.

On Jul 27, 2012 8:50 PM, "Noriko Hosoi" <nhosoi at redhat.com> wrote:

> Paul Robert Marino wrote:
>
>> Hello everyone,
>>
>> I have a strange problem. I'm trying to use 389 server in a large
>> organization and I have to break the directory into several sub
>> suffixes or root suffixes.
>> Here is the scenario:
>> I work for Large company A
>> Large company A owns
>> 1) subsidiary b
>> 2) subsidiary c
>> 3) subsidiary d
>>
>> Large company A uses domain example.com
>> subsidiary b uses domain b.example.com
>> subsidiary c uses domain c.example.com
>> subsidiary d uses domain d.example.com
>>
>> I would like to separate each of the subsidiaries into their own sub
>> suffix, partially because of security reasons and also to minimize
>> unneeded replication for local read-only slaves at the subsidiary
>> sites, and I would also like the administrator at each subsidiary to
>> have the option of managing their own users or having the
>> administrators at the parent company do it for them.
>>
>> Now, creating the sub suffix with its own database is fairly well
>> documented and works well with ou's but doesn't seem to work with
>> dc's.
>> If I create the new suffix as a dc and go into the users and groups in
>> the console and try to add a user to the new dc, it won't let me. If I
>> use the Users drop-down menu and try to change directory and set the
>> base to the new dc (e.g. dc=b,dc=example,dc=com), it tells me the dc
>> isn't valid.
>>
>> I also tried creating a root suffix and ran into the same problem, so
>> what am I missing?
>> Is there some initial database population step I didn't see in the
>> documentation, or do I need to set up some ACIs or what?
>>
> There should not be any problem creating a sub suffix starting with "dc".
> $ ldapsearch -LLLx  [...]  -b "dc=example,dc=com" dn
> dn: dc=example,dc=com
> dn: dc=B,dc=example,dc=com
> dn: dc=C,dc=example,dc=com
> dn: dc=D,dc=example,dc=com
>
> I put dc=B in Broot, dc=C in Croot, and dc=D in Droot.
> $ ls /var/lib/dirsrv/slapd-ID/db
> Broot/  DBVERSION  NetscapeRoot/  __db.002  __db.004  __db.006  userRoot/
> Croot/  Droot/     __db.001       __db.003  __db.005  log.0000000001
>
> Do you see any errors in the error log?
> /var/log/dirsrv/slapd-ID/errors
>
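
Added example, not part of the original thread: the manual step described in the reply at the top (creating the top entry of a new sub suffix after its database exists) can be scripted. The helper name suffix_root_ldif is hypothetical; it goes beyond the dc case in the thread to cover ou and o suffixes, and assumes the first RDN contains no escaped commas. The bind DN and server URL in the usage comment are assumptions.

```shell
#!/bin/sh
# suffix_root_ldif SUFFIX_DN
# Print the LDIF for the top entry of a suffix, e.g. dc=b,dc=example,dc=com.
# Creating the suffix and its backend database does not create this entry,
# and until it exists the new subtree cannot hold users or groups.
suffix_root_ldif() {
    dn=$1
    rdn=${dn%%,*}                      # first RDN, e.g. "dc=b"
    case $rdn in
        *=?*) ;;                       # must look like attr=value
        *) echo "not a DN: $dn" >&2; return 1 ;;
    esac
    attr=$(printf '%s' "${rdn%%=*}" | tr 'A-Z' 'a-z')
    value=${rdn#*=}

    # The structural object class must allow the naming attribute.
    case $attr in
        dc) oc=domain ;;
        ou) oc=organizationalUnit ;;
        o)  oc=organization ;;
        *)  echo "unsupported naming attribute: $attr" >&2; return 1 ;;
    esac

    printf 'dn: %s\nobjectClass: top\nobjectClass: %s\n%s: %s\n' \
        "$dn" "$oc" "$attr" "$value"
}

# Usage (bind DN and URL are assumptions, adjust to the instance):
#   suffix_root_ldif "dc=b,dc=example,dc=com" |
#       ldapadd -x -D "cn=Directory Manager" -W -H ldap://localhost
```

A freshly created entry carries no ACIs of its own, so delegating user management to a subsidiary's administrators still requires adding access control on the new subtree.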