Good morning Pierre,
We tested something different this time.
We created a new root suffix on the same server called dc=oestest,dc=fiu and created a sub suffix ou=testentry,ou=oestest,dc=fiu and still encountered same behavior.
Performing the search ldapsearch -D "cn=manager" -W -b cn=config "(objectclass=nsMappingTree)" displayed the test entry having dc=oestest,dc=fiu as the parent suffix.
dn: cn=dc\3Doestest\2Cdc\3Dfiu,cn=mapping tree,cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: dc=oestest,dc=fiu
cn: dc\=oestest\,dc\=fiu
nsslapd-state: backend
nsslapd-backend: testoestest
# ou\3Dtestentry\2Cdc\3Doestest\2Cdc\3Dfiu, mapping tree, config
dn: cn=ou\3Dtestentry\2Cdc\3Doestest\2Cdc\3Dfiu,cn=mapping tree,cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: ou=testentry,dc=oestest,dc=fiu
cn: ou\=testentry\,dc\=oestest\,dc\=fiu
nsslapd-state: backend
nsslapd-backend: testentrydb
nsslapd-parent-suffix: dc=oestest,dc=fiu
Using an ldap browser and using the manager account with the base dn of the root suffix only displayed the root suffix and not the subsuffix. Similar behavior was seen when running an ldap search with the -s one
parameter. If the ldapsearch was performed with the -s sub parameter, then the OU was displayed.
It seems that with this version subsuffixes on different databases are not displayed and only OUs from the root suffix are displayed.
Please advise.
Jason Villarroel
Systems Administrator
Florida International University
Division of Information Technology – Enterprise Systems
PC 120
305-348-2687 (Office)
305-348-3686 (Fax)
Division of Information Technology staff will never ask for your password.
Never email your password or share confidential information in emails.
From: Pierre Rogier <progier@xxxxxxxxxx>
Sent: Thursday, May 4, 2023 11:02 AM
To: General discussion list for the 389 Directory server project. <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
Subject: [389-users] Re: Subsuffixes not displaying
Note: This message originated from outside the FIU Faculty/Staff email system.
I do not have this behavior on very recent version based on main branch:
Instance "supplier1" has been restarted
+ exec ldapsearch -Q -LLL -Y EXTERNAL -H ldapi://%2fhome%2fprogier%2fsb%2f389%2ftst%2fci-install%2fvar%2frun%2fslapd-supplier1.socket -b cn=config '(objectClass=nsMappingTree)'
dn: cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: dc=example,dc=com
cn: dc\=example\,dc\=com
nsslapd-state: backend
nsslapd-backend: userroot
nsslapd-referral: ldap://linux.home:5556/dc%3Dexample%2Cdc%3Dcom
dn: cn=dc\3Dfoo\2Cdc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: dc=foo,dc=example,dc=com
cn: dc\=foo\,dc\=example\,dc\=com
nsslapd-state: backend
nsslapd-backend: be2
nsslapd-parent-suffix: dc=example,dc=com
+ exec ldapsearch -Q -LLL -Y EXTERNAL -H ldapi://%2fhome%2fprogier%2fsb%2f389%2ftst%2fci-install%2fvar%2frun%2fslapd-supplier1.socket -b dc=example,dc=com dc=foo
dn: dc=foo,dc=example,dc=com
objectClass: top
objectClass: domain
dc: foo
description: dc=foo,dc=example,dc=com
Using the directory manager account rules out aci issues so I am puzzled.
I wonder if it could be specific to the 389-ds-base-2.2.6-2.el8.x86_64 version
but I am surprised because the 389ds 2.2.6 version is only a few months old ...
A last point: have you restarted the instance after changing the orphan flags ?
Hello Pierre,
We created a new root suffix on one of our DR servers called dc=oestest,dc=fiu and created a sub suffix ou=testentry,ou=oestest,dc=fiu and still encountered
same behavior.
Performing the search ldapsearch -D "cn=manager" -W -b cn=config "(objectclass=nsMappingTree)" displayed the test entry having dc=oestest,dc=fiu as the
parent suffix.
dn: cn=dc\3Doestest\2Cdc\3Dfiu,cn=mapping tree,cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: dc=oestest,dc=fiu
cn: dc\=oestest\,dc\=fiu
nsslapd-state: backend
nsslapd-backend: testoestest
# ou\3Dtestentry\2Cdc\3Doestest\2Cdc\3Dfiu, mapping tree, config
dn: cn=ou\3Dtestentry\2Cdc\3Doestest\2Cdc\3Dfiu,cn=mapping tree,cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: ou=testentry,dc=oestest,dc=fiu
cn: ou\=testentry\,dc\=oestest\,dc\=fiu
nsslapd-state: backend
nsslapd-backend: testentrydb
nsslapd-parent-suffix: dc=oestest,dc=fiu
Using an ldap browser and using the the manager account with the base dn of the root suffix only displayed the root suffix and not the subsuffix. Similar
behavior was seen when running an ldap search with the -s one parameter. If the ldapsearch was performed with the -s sub parameter, then the OU was displayed.
It seems that with this version subsuffixes on different databases are not displayed and only OUs from the root suffix are displayed.
Please advise.
Thank you.
<Data snipped to compoy to the 100K limit>
--
--
389 Directory Server Development Team
_______________________________________________
389-users mailing list --
389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to
389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
--
--
389 Directory Server Development Team
