07-28-2012, 12:42 AM
Paul Robert Marino

Question about users and groups in sub suffixes

Never mind, I found the answer.

Apparently you have to go into the "Directory" tab in the directory
server and create a domain object, because it's not automatically
created when you create the database under the sub dn.


On Fri, Jul 27, 2012 at 7:03 PM, Paul Robert Marino <prmarino1@gmail.com> wrote:
> Hello everyone,
>
> I have a strange problem. I'm trying to use 389 server in a large
> organization and I have to break the directory into several sub
> suffixes or root suffixes.
> Here is the scenario:
> I work for Large company A
> Large company A owns
> 1) subsidiary b
> 2) subsidiary c
> 3) subsidiary d
>
> Large company A uses domain example.com
> subsidiary b uses domain b.example.com
> subsidiary c uses domain c.example.com
> subsidiary d uses domain d.example.com
>
>
> I would like to separate each of the subsidiaries into their own sub
> suffix, partially for security reasons and also to minimize unneeded
> replication for local read-only slaves at the subsidiary sites, and I
> would also like the administrator at each subsidiary to have the
> option of managing their own users or having the administrators at the
> parent company do it for them.
>
> Now, creating the sub suffix with its own database is fairly well
> documented and works well with ou's, but doesn't seem to work with
> dc's.
> If I create the new suffix as a dc and go into the users and groups in
> the console and try to add a user to the new dc, it won't let me. If I
> use the Users drop-down menu and try to change directory and set the
> base to the new dc (e.g. dc=b,dc=example,dc=com), it tells me the dc
> isn't valid.
>
> I also tried creating a root suffix and ran into the same problem, so
> what am I missing?
> Is there some initial database population step I didn't see in the
> documentation, or do I need to set up some ACIs, or what?
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
07-28-2012, 12:50 AM
Noriko Hosoi

Question about users and groups in sub suffixes

There should not be any problem creating a sub suffix starting with "dc".

$ ldapsearch -LLLx [...] -b "dc=example,dc=com" dn
dn: dc=example,dc=com
dn: dc=B,dc=example,dc=com
dn: dc=C,dc=example,dc=com
dn: dc=D,dc=example,dc=com

I put dc=B in Broot, dc=C in Croot, and dc=D in Droot.

$ ls /var/lib/dirsrv/slapd-ID/db
Broot/  DBVERSION  NetscapeRoot/  __db.002  __db.004  __db.006  userRoot/
Croot/  Droot/     __db.001       __db.003  __db.005  log.0000000001

Do you see any errors in the error log?
/var/log/dirsrv/slapd-ID/errors


 
07-28-2012, 01:48 AM
Paul Robert Marino

Question about users and groups in sub suffixes

Noriko,

Thanks for the reply. As I mentioned in my previous email, I assumed that when I created the sub suffix database for dc=b,dc=example,dc=com it would automatically add the dn to the database, but it doesn't, so I manually added it and it works now.

For clarity, that step should be added to the documentation.

The way I figured it out is I just tried to add a new subdomain without adding a sub suffix, and I got a warning message saying I may want to add the sub suffix first.

 
07-30-2012, 04:28 PM
Noriko Hosoi

Question about users and groups in sub suffixes

Hi Paul,





When I created the sub suffix/subdomain, I used the Console. Here's
what I did.

1) Open Directory Console.
2) Choose Configuration tab.
3) Choose the parent suffix under Data (dc=example,dc=com, in my
   example).
4) Right click shows a menu; choose "New Sub Suffix".
5) Fill "New Suffix" and "Database name" box.
6) Then, the new sub suffix is generated (e.g.,
   dc=B,dc=example,dc=com).
7) Expand the new sub suffix; choose the underlying database (having
   the Database name you assigned).
8) Right click shows a menu; choose "Initialize database".
9) Give the ldif file to initialize the sub suffix/subdomain.



Thanks,

--noriko
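
The step both posters arrive at is populating the new sub suffix with its own suffix entry once the console has created the empty database. As an added example that is not part of the original thread, this shell function generates such an LDIF; the helper name suffix_ldif, the ou=People and ou=Groups containers, and the host and bind DN in the comments are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): LDIF for a freshly created sub suffix.
# The console creates the backend database but not the suffix entry itself.
# Handles simple DNs only: no multi-valued RDNs or escaped commas.

# suffix_ldif SUFFIX_DN   (hypothetical helper name)
# Prints the suffix entry plus ou=People and ou=Groups (assumed layout).
suffix_ldif() {
    suffix=$1
    rdn=${suffix%%,*}                       # first RDN, e.g. "dc=b"
    case $rdn in
        ?*=?*) ;;
        *) echo "suffix_ldif: malformed DN: $suffix" >&2; return 1 ;;
    esac
    attr=$(printf '%s' "${rdn%%=*}" | tr 'A-Z' 'a-z')
    value=${rdn#*=}

    # The entry's object class must allow its naming attribute.
    case $attr in
        dc) oc=domain ;;
        ou) oc=organizationalUnit ;;
        o)  oc=organization ;;
        *)  echo "suffix_ldif: unsupported naming attribute: $attr" >&2
            return 1 ;;
    esac

    printf 'dn: %s\nobjectClass: top\nobjectClass: %s\n%s: %s\n\n' \
        "$suffix" "$oc" "$attr" "$value"
    for ou in People Groups; do
        printf 'dn: ou=%s,%s\nobjectClass: top\n' "$ou" "$suffix"
        printf 'objectClass: organizationalUnit\nou: %s\n\n' "$ou"
    done
}

# Constructed sample input: the thread's subsidiary "b".
suffix_ldif "dc=b,dc=example,dc=com"

# Save the output as b-suffix.ldif and load it with the console's
# "Initialize database", or over LDAP (host and bind DN are assumptions):
#   ldapadd -x -H ldap://localhost -D "cn=Directory Manager" -W -f b-suffix.ldif
# Then confirm the suffix entry exists:
#   ldapsearch -LLLx -H ldap://localhost -b "dc=b,dc=example,dc=com" -s base dn
```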




 

All times are GMT.