Noriko Thanks for the reply as I mentioned in my previous email I assumed that when I created the sub suffix database for dc=b,dc=example,dc=com it would automaticly add the dn to the database but it doesn't so I manualy added it and it works now.
For clarity that step should be added to the documentation. The way I figured it out is I just tried to add a new subdomain without adding a sub suffix and I got a warning message saying I may wan to add the sub suffix first On Jul 27, 2012 8:50 PM, "Noriko Hosoi" <nho...@redhat.com> wrote: > Paul Robert Marino wrote: > >> Hello every one >> >> I have a strange problem Im trying to use 389 server in a large >> organization and i have to break the directory into several sub >> suffixes or root suffixes. >> there is the scenario >> I work for Large company A >> Large company A owns >> 1) subsidiary b >> 2) subsidiary c >> 3) subsidiary d >> >> Large company A uses domain example.com >> subsidiary b uses domain b.example.com >> subsidiary c uses domain c.example.com >> subsidiary d uses domain d.example.com >> >> >> I would like to separate each of the subsidiaries into their own sub >> suffix partially because of security reasons also to minimize unneeded >> replication for local read only slaves at the subsidiary sites, and I >> would also like the administrator at each subsidiary to have the >> option of manage their own users or having the administrators at the >> parent company do it for them. >> >> now creating the sub suffix with its own database is fairly well >> documented and works well with ou's but doesn't seem to work with >> dc's >> if i create the new suffix as a dc and go into the users and groups in >> the console and try to add a user to the new dc it wont let me. if i >> use the Users drop down menu and try to change directory and set the >> base to the new dc (e.g. dc=b,dc=example,dc=com) it tells me the dc >> isn't valid >> >> I also tried creating a root suffix and ran into the same problem so >> what am i missing? >> Is there some initial database population step I didn't see in the >> documentation or do i need to setup some ACIs or what? >> > There should not be any problem to create sub suffix starting with "dc". > $ ldapsearch -LLLx [...] -b "dc=example,dc=com" dn > dn: dc=example,dc=com > dn: dc=B,dc=example,dc=com > dn: dc=C,dc=example,dc=com > dn: dc=D,dc=example,dc=com > > I put dc=B in Broot, dc=C in Croot, and dc=D in Droot. > $ ls /var/lib/dirsrv/slapd-ID/db > Broot/ DBVERSION NetscapeRoot/ __db.002 __db.004 __db.006 > userRoot/ > Croot/ Droot/ __db.001 __db.003 __db.005 log.0000000001 > > Do you see any errors in the error log? > /var/log/dirsrv/slapd-ID/**errors > > -- >> 389 users mailing list >> 389-users@lists.fedoraproject.**org <389-users@lists.fedoraproject.org> >> https://admin.fedoraproject.**org/mailman/listinfo/389-users<https://admin.fedoraproject.org/mailman/listinfo/389-users> >> > > > -- > 389 users mailing list > 389-users@lists.fedoraproject.**org <389-users@lists.fedoraproject.org> > https://admin.fedoraproject.**org/mailman/listinfo/389-users<https://admin.fedoraproject.org/mailman/listinfo/389-users>
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users