Thank you for this interesting piece of information !
So it is a plain bug.
FYI: I created issue https://github.com/389ds/389-ds-base/issues/5772
Regards,
Pierre
_______________________________________________Good morning Pierre,
We tested something different this time.
We created a new root suffix on the same server called dc=oestest,dc=fiu and created a sub suffix ou=testentry,ou=oestest,dc=fiu and still encountered same behavior.
Performing the search ldapsearch -D "cn=manager" -W -b cn=config "(objectclass=nsMappingTree)" displayed the test entry having dc=oestest,dc=fiu as the parent suffix.
dn: cn=dc\3Doestest\2Cdc\3Dfiu,cn=mapping tree,cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: dc=oestest,dc=fiu
cn: dc\=oestest\,dc\=fiu
nsslapd-state: backend
nsslapd-backend: testoestest
# ou\3Dtestentry\2Cdc\3Doestest\2Cdc\3Dfiu, mapping tree, config
dn: cn=ou\3Dtestentry\2Cdc\3Doestest\2Cdc\3Dfiu,cn=mapping tree,cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: ou=testentry,dc=oestest,dc=fiu
cn: ou\=testentry\,dc\=oestest\,dc\=fiu
nsslapd-state: backend
nsslapd-backend: testentrydb
nsslapd-parent-suffix: dc=oestest,dc=fiu
Using an ldap browser and using the manager account with the base dn of the root suffix only displayed the root suffix and not the subsuffix. Similar behavior was seen when running an ldap search with the -s one parameter. If the ldapsearch was performed with the -s sub parameter, then the OU was displayed.
It seems that with this version subsuffixes on different databases are not displayed and only OUs from the root suffix are displayed.
Please advise.
Jason Villarroel
Systems Administrator
Florida International University
Division of Information Technology – Enterprise Systems
PC 120
305-348-2687 (Office)
305-348-3686 (Fax)
Division of Information Technology staff will never ask for your password.
Never email your password or share confidential information in emails.
From: Pierre Rogier <progier@xxxxxxxxxx>
Sent: Thursday, May 4, 2023 11:02 AM
To: General discussion list for the 389 Directory server project. <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
Subject: [389-users] Re: Subsuffixes not displaying
Note: This message originated from outside the FIU Faculty/Staff email system.
I do not have this behavior on very recent version based on main branch:
Instance "supplier1" has been restarted
+ exec ldapsearch -Q -LLL -Y EXTERNAL -H ldapi://%2fhome%2fprogier%2fsb%2f389%2ftst%2fci-install%2fvar%2frun%2fslapd-supplier1.socket -b cn=config '(objectClass=nsMappingTree)'
dn: cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: dc=example,dc=com
cn: dc\=example\,dc\=com
nsslapd-state: backend
nsslapd-backend: userroot
nsslapd-referral: ldap://linux.home:5556/dc%3Dexample%2Cdc%3Dcom
dn: cn=dc\3Dfoo\2Cdc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: dc=foo,dc=example,dc=com
cn: dc\=foo\,dc\=example\,dc\=com
nsslapd-state: backend
nsslapd-backend: be2
nsslapd-parent-suffix: dc=example,dc=com
+ exec ldapsearch -Q -LLL -Y EXTERNAL -H ldapi://%2fhome%2fprogier%2fsb%2f389%2ftst%2fci-install%2fvar%2frun%2fslapd-supplier1.socket -b dc=example,dc=com dc=foo
dn: dc=foo,dc=example,dc=com
objectClass: top
objectClass: domain
dc: foo
description: dc=foo,dc=example,dc=com
Using the directory manager account rules out aci issues so I am puzzled.
I wonder if it could be specific to the 389-ds-base-2.2.6-2.el8.x86_64 version
but I am surprised because the 389ds 2.2.6 version is only a few months old ...
A last point: have you restarted the instance after changing the orphan flags ?
On Thu, May 4, 2023 at 3:55 PM Jason Villarroel <jvillarr@xxxxxxx> wrote:
Hello Pierre,
We created a new root suffix on one of our DR servers called dc=oestest,dc=fiu and created a sub suffix ou=testentry,ou=oestest,dc=fiu and still encountered same behavior.
Performing the search ldapsearch -D "cn=manager" -W -b cn=config "(objectclass=nsMappingTree)" displayed the test entry having dc=oestest,dc=fiu as the parent suffix.
dn: cn=dc\3Doestest\2Cdc\3Dfiu,cn=mapping tree,cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: dc=oestest,dc=fiu
cn: dc\=oestest\,dc\=fiu
nsslapd-state: backend
nsslapd-backend: testoestest
# ou\3Dtestentry\2Cdc\3Doestest\2Cdc\3Dfiu, mapping tree, config
dn: cn=ou\3Dtestentry\2Cdc\3Doestest\2Cdc\3Dfiu,cn=mapping tree,cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: ou=testentry,dc=oestest,dc=fiu
cn: ou\=testentry\,dc\=oestest\,dc\=fiu
nsslapd-state: backend
nsslapd-backend: testentrydb
nsslapd-parent-suffix: dc=oestest,dc=fiu
Using an ldap browser and using the the manager account with the base dn of the root suffix only displayed the root suffix and not the subsuffix. Similar behavior was seen when running an ldap search with the -s one parameter. If the ldapsearch was performed with the -s sub parameter, then the OU was displayed.
It seems that with this version subsuffixes on different databases are not displayed and only OUs from the root suffix are displayed.
Please advise.
Thank you.
<Data snipped to compoy to the 100K limit>
--
--
389 Directory Server Development Team_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
--
--
389 Directory Server Development Team
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
389 Directory Server Development Team
_______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue