Yep, I just tested it out for haha's on my test directory instance
after skimming the plugin source and seeing that it actually does
does a range search using >=, <=. Sure enough that seems to have
resolved it. It did work properly in the current configuration once
upon a time so either my directory grew enough that the range search
started to time out without the index or the range search was
introduced in an update at some point. Thanks for the pointer!
Todd
------------------------------------------------------------------------
*From:* Patrick M Landry <patrick.lan...@louisiana.edu>
<mailto:patrick.lan...@louisiana.edu>
*Sent:* Thursday, August 11, 2022 12:55 PM
*To:* General discussion list for the 389 Directory server project.
<389-users@lists.fedoraproject.org>
<mailto:389-users@lists.fedoraproject.org>
*Subject:* [EXT][389-users] Re: DNA Plugin creating duplicates
*External Email*
Sorry, I just double checked and I *do* have
the integerOrderingMatch Matching Rule configured for uidNumber and
gidNumber. I have no idea if that would make a difference for you or not.
--
Patrick Landry
Special Projects Engineer
University Computing Support Services
University of Louisiana at Lafayette
P.O. Box 43621
Lafayette, LA 70504
(337) 482-6402
patrick.lan...@louisiana.edu <mailto:patrick.lan...@louisiana.edu>
–––––––––––––––––––––––––
Université des Acadiens
------------------------------------------------------------------------
*From:* Merritt, Todd R - (tmerritt) <tmerr...@arizona.edu>
<mailto:tmerr...@arizona.edu>
*Sent:* Thursday, August 11, 2022 2:26 PM
*To:* General discussion list for the 389 Directory server project.
<389-users@lists.fedoraproject.org>
<mailto:389-users@lists.fedoraproject.org>
*Subject:* [389-users] Re: DNA Plugin creating duplicates
CAUTION: This email originated from outside of UL Lafayette. Do not
click links or open attachments unless you recognize the sender and
know the content is safe.
Thanks, that's a good thought. It looks like I do have the index set
up though.
dn: cn=uidnumber,cn=index,cn=userroot,cn=ldbm
database,cn=plugins,cn=config
cn: uidnumber
nsIndexType: eq
nsSystemIndex: False
objectClass: top
objectClass: nsIndex
Does the index also need to support nsMatchingRule:
integerOrderingMatch for inequality searching?
Todd
------------------------------------------------------------------------
*From:* Patrick M Landry <patrick.lan...@louisiana.edu>
<mailto:patrick.lan...@louisiana.edu>
*Sent:* Thursday, August 11, 2022 12:16 PM
*To:* General discussion list for the 389 Directory server project.
<389-users@lists.fedoraproject.org>
<mailto:389-users@lists.fedoraproject.org>
*Subject:* [EXT][389-users] Re: DNA Plugin creating duplicates
*External Email*
It has been a long time since I set this up and I am running an older
version of the server but I did find this in my notes:
Before assigning a number to a new entry theDNAplugin searches
the directory to ensure that the number is not already being
used. For this reason indexes had to be created for all of the
attributes which theDNAplugin can assign values to.
Perhaps that is it?
--
Patrick Landry
Special Projects Engineer
University Computing Support Services
University of Louisiana at Lafayette
P.O. Box 43621
Lafayette, LA 70504
(337) 482-6402
patrick.lan...@louisiana.edu <mailto:patrick.lan...@louisiana.edu>
–––––––––––––––––––––––––
Université des Acadiens
------------------------------------------------------------------------
*From:* Merritt, Todd R - (tmerritt) <tmerr...@arizona.edu>
<mailto:tmerr...@arizona.edu>
*Sent:* Thursday, August 11, 2022 12:51 PM
*To:* 389-users@lists.fedoraproject.org
<mailto:389-users@lists.fedoraproject.org>
<389-users@lists.fedoraproject.org>
<mailto:389-users@lists.fedoraproject.org>
*Subject:* [389-users] DNA Plugin creating duplicates
CAUTION: This email originated from outside of UL Lafayette. Do not
click links or open attachments unless you recognize the sender and
know the content is safe.
Hi,
I'm running 389ds 2.0.15 on a two node cluster in a multi master
mode. I'm using the DNA plugin to generate unique uid numbers for new
accounts. Each directory instance is assigned a unique range of uid
numbers. It works in so far as it assigns a uid number when it gets
the magic token but whatever is supposed to be verifying that the uid
number is not already assigned is not working. I've cranked the error
log level up, but I don't get anything in the logs that is helpful in
determining why that validation is not working correctly.
# ansible-managed-uidnumber-generation, Distributed Numeric
Assignment Plugin,
plugins, config
dn: cn=ansible-managed-uidnumber-generation,cn=Distributed Numeric
Assignment
Plugin,cn=plugins,cn=config
objectClass: top
objectClass: dnaPluginConfig
cn: ansible-managed-uidnumber-generation
dnaType: uidNumber
dnaNextValue: 62009
dnaMaxValue: 131000
dnaMagicRegen: generate
dnaFilter: (objectclass=posixAccount)
dnaScope: ou=Accounts,dc=example,dc=edu
dnaSharedCfgDN: ou=ranges,ou=Accounts,dc=example,dc=edu
I'm stumped. Anyone have any direction on how to debug this further?
Thanks!
Todd
_______________________________________________
389-users mailing list --389-users@lists.fedoraproject.org
<mailto:389-users@lists.fedoraproject.org>
To unsubscribe send an email to389-users-le...@lists.fedoraproject.org
<mailto:389-users-le...@lists.fedoraproject.org>
Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/
<https://docs.fedoraproject.org/en-US/project/code-of-conduct/>
List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines
<https://fedoraproject.org/wiki/Mailing_list_guidelines>
List
Archives:https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
<https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org>
Do not reply to spam, report it:https://pagure.io/fedora-infrastructure/new_issue
<https://pagure.io/fedora-infrastructure/new_issue>