|
Sorry, I just double checked and I do have the integerOrderingMatch Matching Rule configured for uidNumber and gidNumber. I have no idea if that would make a difference for you or not.
-- From: Merritt, Todd R - (tmerritt) <tmerritt@xxxxxxxxxxx>
Sent: Thursday, August 11, 2022 2:26 PM To: General discussion list for the 389 Directory server project. <389-users@xxxxxxxxxxxxxxxxxxxxxxx> Subject: [389-users] Re: DNA Plugin creating duplicates
CAUTION: This email originated from outside of UL Lafayette. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Thanks, that's a good thought. It looks like I do have the index set up though.
dn: cn=uidnumber,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config
cn: uidnumber
nsIndexType: eq
nsSystemIndex: False
objectClass: top
objectClass: nsIndex
Does the index also need to support nsMatchingRule: integerOrderingMatch for inequality searching?
Todd
From: Patrick M Landry <patrick.landry@xxxxxxxxxxxxx>
Sent: Thursday, August 11, 2022 12:16 PM To: General discussion list for the 389 Directory server project. <389-users@xxxxxxxxxxxxxxxxxxxxxxx> Subject: [EXT][389-users] Re: DNA Plugin creating duplicates External Email
It has been a long time since I set this up and I am running an older version of the server but I did find this in my notes:
Perhaps that is it?
-- From: Merritt, Todd R - (tmerritt) <tmerritt@xxxxxxxxxxx>
Sent: Thursday, August 11, 2022 12:51 PM To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx <389-users@xxxxxxxxxxxxxxxxxxxxxxx> Subject: [389-users] DNA Plugin creating duplicates
CAUTION: This email originated from outside of UL Lafayette. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Hi,
I'm running 389ds 2.0.15 on a two node cluster in a multi master mode. I'm using the DNA plugin to generate unique uid numbers for new accounts. Each directory instance is assigned a unique range of uid numbers. It works in so far as it assigns a uid number
when it gets the magic token but whatever is supposed to be verifying that the uid number is not already assigned is not working. I've cranked the error log level up, but I don't get anything in the logs that is helpful in determining why that validation is
not working correctly.
# ansible-managed-uidnumber-generation, Distributed Numeric Assignment Plugin,
plugins, config
dn: cn=ansible-managed-uidnumber-generation,cn=Distributed Numeric Assignment
Plugin,cn=plugins,cn=config
objectClass: top
objectClass: dnaPluginConfig
cn: ansible-managed-uidnumber-generation
dnaType: uidNumber
dnaNextValue: 62009
dnaMaxValue: 131000
dnaMagicRegen: generate
dnaFilter: (objectclass=posixAccount)
dnaScope: ou=Accounts,dc=example,dc=edu
dnaSharedCfgDN: ou=ranges,ou=Accounts,dc=example,dc=edu
I'm stumped. Anyone have any direction on how to debug this further?
Thanks!
Todd
|
_______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
