Re: Question about users and groups in sub suffixes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Paul Robert Marino wrote:

Hello every one

I have a strange problem Im trying to use 389 server in a large
organization and i have to break the directory into several sub
suffixes or root suffixes.
there is the scenario
I work for Large company A
Large company A owns
1) subsidiary b
2)  subsidiary c
3) subsidiary d

Large company A uses domain example.com
  subsidiary b uses domain b.example.com
subsidiary c uses domain c.example.com
subsidiary d uses domain d.example.com


I would like to separate each of the subsidiaries into their own sub
suffix partially because of security reasons also to minimize unneeded
replication for local read only slaves at the subsidiary sites, and I
would also like the administrator at each subsidiary to have the
option of manage their own users or having the administrators at the
parent company do it for them.

now creating the sub suffix with its own database is fairly well
documented  and works well with ou's but doesn't seem to work with
dc's
if i create the new suffix as a dc and go into the users and groups in
the console and try to add a user to the new dc it wont let me. if i
use the Users drop down menu and try to change directory and set the
base to the new dc (e.g. dc=b,dc=example,dc=com) it tells me the dc
isn't valid

I also tried creating a root suffix and ran into the same problem so
what am i missing?
Is there some initial database population step I didn't see in the
documentation or do i need to setup some ACIs or what?

There should not be any problem to create sub suffix starting with "dc".
$ ldapsearch -LLLx  [...]  -b "dc=example,dc=com" dn
dn: dc=example,dc=com
dn: dc=B,dc=example,dc=com
dn: dc=C,dc=example,dc=com
dn: dc=D,dc=example,dc=com

I put dc=B in Broot, dc=C in Croot, and dc=D in Droot.
$ ls /var/lib/dirsrv/slapd-ID/db
Broot/ DBVERSION NetscapeRoot/ __db.002 __db.004 __db.006 userRoot/ 
Croot/    Droot/       __db.001      __db.003  __db.005 log.0000000001

Do you see any errors in the error log?
/var/log/dirsrv/slapd-ID/errors


--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users



--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux