[Freeipa-users] Re: Need help with confusing query results

[Edward Valley via FreeIPA-users]

Hi Thierry,

I commented on the issue and posted the link to the script I made on GitHub.

Thanks
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: Need help with confusing query results

[Thierry Bordaz via FreeIPA-users]

Hi Edward,

thank you so much diving up to the RC. I opened 
https://github.com/389ds/389-ds-base/issues/5158 to track that issue


regards
thierry

On 2/9/22 1:29 AM, Edward Valley via FreeIPA-users wrote:

Hi,

Finally, I made a bash script that:

1. Receives as arguments a 'base' and a 'filter' (like the fix-up task)
2. Search for incomplete entries (no entryUUID attribute)
3. Patch dirsrv schema (99user.ldif) to make entryUUID attribute mutable 
(Removes NO-USER-MODIFICATION)
4. Restarts dirsrv instance service
5. Generates and sets an entryUUID for every incomplete entry found matching 
the filter
6. Restores dirsrv schema
7. Restarts dirsrv instance service

Changes are immediately replicated and everything works like it should be.
Like I said before, new entries have an entryUUID attribute generated 
automatically, that was never a problem.
I can share the script if anyone is interested.

Thank you all for your work and time.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: Need help with confusing query results

[Edward Valley via FreeIPA-users]

Hi,

Finally, I made a bash script that:

1. Receives as arguments a 'base' and a 'filter' (like the fix-up task)
2. Search for incomplete entries (no entryUUID attribute)
3. Patch dirsrv schema (99user.ldif) to make entryUUID attribute mutable 
(Removes NO-USER-MODIFICATION)
4. Restarts dirsrv instance service
5. Generates and sets an entryUUID for every incomplete entry found matching 
the filter
6. Restores dirsrv schema
7. Restarts dirsrv instance service

Changes are immediately replicated and everything works like it should be.
Like I said before, new entries have an entryUUID attribute generated 
automatically, that was never a problem.
I can share the script if anyone is interested.

Thank you all for your work and time.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: Need help with confusing query results

[Edward Valley via FreeIPA-users]

Hi Thierry,

Here it go...
ldapsearch -LLL -o ldif-wrap=no -h localhost -x \
-D "cn=Directory Manager" -w "..." \
-b "cn=users,cn=accounts,dc=..." \
'(uid=user1)' nscpentrywsi
nscpentrywsi: cn;vucsn-5d77decd0004: Test User 1
nscpentrywsi: createTimestamp;vucsn-5d77decd0004: ...
nscpentrywsi: creatorsName;vucsn-5d77decd0004: 
uid=admin,cn=users,cn=accounts,dc=...
nscpentrywsi: 
displayName;adcsn-612f8ae00021;vucsn-612f8ae00021: Test User 1
nscpentrywsi: dn: uid=user1,cn=users,cn=accounts,dc=...
nscpentrywsi: entryid: ...
nscpentrywsi: entryusn;adcsn-61f97e6d000100260003;vucsn-61f97e6d000100260003: 
...
nscpentrywsi: gecos;vucsn-5d77decd0004: Test User 1
nscpentrywsi: gidNumber: ...
nscpentrywsi: givenName;vucsn-5d77decd0004: Test
nscpentrywsi: homeDirectory;vucsn-5d77decd0004: /home/user1
nscpentrywsi: initials;vucsn-5d77decd0004: TU
nscpentrywsi: ipaUniqueID;vucsn-5d77decd0004: 
----
nscpentrywsi: krbCanonicalName;vucsn-5d77decd0004: user1@...
nscpentrywsi: 
krbExtraData;adcsn-61b75d070004001f;vucsn-61b75d070004001f:: ...
nscpentrywsi: 
krbLastPwdChange;adcsn-61b75d07001f0001;vucsn-61b75d07001f0001: ...
nscpentrywsi: 
krbPasswordExpiration;adcsn-61b75d07001f0002;vucsn-61b75d07001f0002: ...
nscpentrywsi: 
krbPrincipalKey;adcsn-61b75d07001f;vucsn-61b75d07001f:: ...
nscpentrywsi: krbPrincipalName;vucsn-5d77decd0004: user1@...
nscpentrywsi: loginShell;adcsn-60d643600021;vucsn-60d643600021: 
/bin/sh
nscpentrywsi: memberOf;vucsn-61ea188800050022: 
cn=ipausers,cn=groups,cn=accounts,dc=...
nscpentrywsi: mepManagedEntry;vucsn-5d77decd00070004: 
cn=user1,cn=groups,cn=accounts,dc=...
nscpentrywsi: 
modifyTimestamp;adcsn-61f97e6d000100260002;vucsn-61f97e6d000100260002: ...
nscpentrywsi: 
nsAccountLock;adcsn-5f793c400015;vucsn-5f793dc700150001: FALSE
nscpentrywsi: nsUniqueId: ---
nscpentrywsi: objectClass;vucsn-5d77decd0004: inetorgperson
nscpentrywsi: objectClass;vucsn-5d77decd0004: inetuser
nscpentrywsi: objectClass;vucsn-5d77decd0004: ipaobject
nscpentrywsi: objectClass;vucsn-5d77decd0004: ipaSshGroupOfPubKeys
nscpentrywsi: objectClass;vucsn-5d77decd0004: ipasshuser
nscpentrywsi: objectClass;vucsn-5d77decd0004: krbprincipalaux
nscpentrywsi: objectClass;vucsn-5d77decd0004: krbticketpolicyaux
nscpentrywsi: objectClass;vucsn-5d77decd0004: organizationalperson
nscpentrywsi: objectClass;vucsn-5d77decd0004: person
nscpentrywsi: objectClass;vucsn-5d77decd0004: posixaccount
nscpentrywsi: objectClass;vucsn-5d77decd0004: top
nscpentrywsi: objectClass;vucsn-5d77decd00060004: mepOriginEntry
nscpentrywsi: parentid: 77
nscpentrywsi: sn;vucsn-5d77decd0004: User 1
nscpentrywsi: uidNumber: ...
nscpentrywsi: uid;vucsn-5d77decd0004;mdcsn-5d77decd0004: user1
nscpentrywsi: 
userPassword;adcsn-61b75d07001f0003;vucsn-61b75d07001f0003: ...

Thanks
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: Need help with confusing query results

[Thierry Bordaz via FreeIPA-users]

On 2/1/22 6:50 AM, Edward Valley via FreeIPA-users wrote:

Hi Thierry,

Do you want the output of:
ldapsearch -LLL -h localhost -x -D "cn=Directory Manager" -w "..." \
 -b "cn=users,cn=accounts,dc=..." '(uid=user1)' '*'

Or are you talking about something else?


Hi,

yes that is this exact command. You may change it to collect more 
internal data with requesting 'nscpentrywsi' attribute rather than '*'.


ldapsearch -LLL -h localhost -x -D "cn=Directory Manager" -w "..." \
-b "cn=users,cn=accounts,dc=..." '(uid=user1)' nscpentrywsi

regards
thierry



Thanks
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: Need help with confusing query results

[Edward Valley via FreeIPA-users]

Hi Thierry,

Do you want the output of:
ldapsearch -LLL -h localhost -x -D "cn=Directory Manager" -w "..." \
-b "cn=users,cn=accounts,dc=..." '(uid=user1)' '*'

Or are you talking about something else?

Thanks
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: Need help with confusing query results

[Thierry Bordaz via FreeIPA-users]

Hi Edward,

It is looking the fixup task stop upon the first error. I do not know if 
it is intentional or a bug. The error is possibly related to schema 
checking, could you send the ldif format of entry 'uid=user1, 
cn=users,...' ?


regards
thierry


On 1/29/22 11:36 PM, Edward Valley via FreeIPA-users wrote:

Hi Thierry,

Manually creating the task makes it run, but not with the expected result:

DATE_NOW="$(date +%s)"
ldapmodify -h localhost -D "cn=Directory Manager" -w "..." -a < fixup 
failed -> uid=user1,cn=users,cn=accounts,dc=... Operation
[...] - INFO - plugins/entryuuid/src/lib.rs:182 - task_handler -> fixup 
complete, success!

It simply stops when attempting to change the first user matching the filter.
If the filter directly points to a user that already has an entryUUID 
attribute, a success message is printed.

The error is maybe not related to the plugin, but I don't have any replication 
problem.
It isn't clear to me.

Thanks
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: Need help with confusing query results

[Edward Valley via FreeIPA-users]

Hi Thierry,

Manually creating the task makes it run, but not with the expected result:

DATE_NOW="$(date +%s)"
ldapmodify -h localhost -D "cn=Directory Manager" -w "..." -a < fixup 
failed -> uid=user1,cn=users,cn=accounts,dc=... Operation
[...] - INFO - plugins/entryuuid/src/lib.rs:182 - task_handler -> fixup 
complete, success!

It simply stops when attempting to change the first user matching the filter.
If the filter directly points to a user that already has an entryUUID 
attribute, a success message is printed.

The error is maybe not related to the plugin, but I don't have any replication 
problem.
It isn't clear to me.

Thanks
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: Need help with confusing query results

[Thierry Bordaz via FreeIPA-users]

Hi Edward,

I think you may try to create the task manually

ldapmodify -D "cn=directory manager" -w ... -a <,cn=entryuuid task,cn=tasks,cn=config
objectClass: top
objectClass: extensibleObject
basedn: 
cn: entryuuid_fixup_
!

If you want to fixup only specific entries you many add the following 
attribute to the task entry


filter: 

regards
thierry

On 1/28/22 5:35 PM, Edward Valley via FreeIPA-users wrote:

Hi,
Thanks for the tip.
Any workaround in the mean time?
I couldn't find one.
Thanks
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: Need help with confusing query results

[Edward Valley via FreeIPA-users]

Hi,
Thanks for the tip.
Any workaround in the mean time?
I couldn't find one.
Thanks
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: Need help with confusing query results

[Florence Blanc-Renaud via FreeIPA-users]

Hi,
the issue with "dsconf  plugin entryuuid fixup" is a known
issue, see *Bug 2036672*
 - Based on 1944494
(RFC 4530 entryUUID attribute) - plugin entryuuid failing

HTH,
flo

On Thu, Jan 27, 2022 at 5:53 AM Edward Valley via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:

> Hi,
>
> I realized that only users created after certain date has an entryUUID
> attribute, so query results are not confusing anymore, and as I can see it
> now, in the process of hiding private information, my first post is somehow
> misleading. Sorry about that.
>
> From the dnf logs on my system, I can see that date matches the date
> 389-ds-base was upgraded from 389-ds-base-1.4.3.16-16 to
> 389-ds-base-1.4.3.16-19, so I can guess the entryUUID plugin was included
> in Rocky Linux 8.4, and probably RHEL 8.4, around that time, although RHEL
> specify it as a new feature for release 8.5.
>
> RHEL 8.5 release notes, say we must run the following command to manualy
> add it to existing entries:
> # dsconf  plugin entryuuid fixup
> But it doesn't currently work on my system.
> I'll provide feedback once I figure it out.
>
> Thanks
> ___
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: Need help with confusing query results

[Edward Valley via FreeIPA-users]

Hi,

I realized that only users created after certain date has an entryUUID 
attribute, so query results are not confusing anymore, and as I can see it now, 
in the process of hiding private information, my first post is somehow 
misleading. Sorry about that.

From the dnf logs on my system, I can see that date matches the date 
389-ds-base was upgraded from 389-ds-base-1.4.3.16-16 to 
389-ds-base-1.4.3.16-19, so I can guess the entryUUID plugin was included in 
Rocky Linux 8.4, and probably RHEL 8.4, around that time, although RHEL specify 
it as a new feature for release 8.5.

RHEL 8.5 release notes, say we must run the following command to manualy add it 
to existing entries:
# dsconf  plugin entryuuid fixup
But it doesn't currently work on my system.
I'll provide feedback once I figure it out.

Thanks
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: Need help with confusing query results

[Edward Valley via FreeIPA-users]

Hi,
That setting was already set to 'off'

# dsconf localhost config get nsslapd-ignore-virtual-attrs
nsslapd-ignore-virtual-attrs: off

# dsconf localhost config replace nsslapd-ignore-virtual-attrs=on
Successfully replaced "nsslapd-ignore-virtual-attrs"

# dsconf localhost config get nsslapd-ignore-virtual-attrs
nsslapd-ignore-virtual-attrs: on

After changing it to 'on', the results were the same for both queries, even 
after restarting dirsrv.
Thanks
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: Need help with confusing query results

[Thierry Bordaz via FreeIPA-users]

Hi Edward,

would you run 'dsconf localhost config get nsslapd-ignore-virtual-attrs' 
and check its value. It should be 'on'.


Would you retry the same search after  setting it to 'off'  ?

thanks
thierry

On 1/24/22 10:16 PM, Edward Valley via FreeIPA-users wrote:

This is the version installed:
389-ds-base-1.4.3.23-12.module+el8.5.0+722+e2a0b219.x86_64

Thanks
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: Need help with confusing query results

[Edward Valley via FreeIPA-users]

This is the version installed:
389-ds-base-1.4.3.23-12.module+el8.5.0+722+e2a0b219.x86_64

Thanks
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: Need help with confusing query results

[Florence Blanc-Renaud via FreeIPA-users]

Hi,
I'm not able to reproduce the issue on fedora 35:

# ldapsearch -LLL -H ldap://`hostname`:389 -x -D cn=directory\ manager -w
Secret123 -b cn=users,cn=accounts,dc=ipa,dc=test -s sub
"(&(objectClass=inetOrgPerson)(uid=testuser1))" uid entryUUID
dn: uid=testuser1,cn=users,cn=accounts,dc=ipa,dc=test
uid: testuser1
entryUUID: a4684457-4497-4fd4-8d71-25c0b667fdeb
# rpm -qa 389-ds-base
389-ds-base-2.0.12-1.fc35.x86_64

Which version of 389-ds-base is installed on your system?
flo


On Sat, Jan 22, 2022 at 10:17 AM Edward Valley via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:

> Hi there.
>
> I'm using latest FreeIPA available on Rocky Linux 8.5
> VERSION: 4.9.6, API_VERSION: 2.245
>
> When I run the following LDAP query:
> ldapsearch -H "ldap://idm-host:389"; -x -s sub \
> -D "cn=Directory Manager" -w "dm-password" \
> -b "cn=users,cn=accounts,dc=..." \
> '(objectClass=inetOrgPerson)' \
> uid entryUUID
>
> I get the following result: (entryUUID is present)
> # user1, users, accounts, ...
> dn: uid=user1,cn=users,cn=accounts,dc=...
> uid: user1
> entryUUID: ----
>
> # user2, users, accounts, ...
> dn: uid=user2,cn=users,cn=accounts,dc=...
> uid: user2
> entryUUID: ----
>
> But, when I use this query:
> ldapsearch -H "ldap://idm-host:389"; -x -s sub \
> -D "cn=Directory Manager" -w "dm-password" \
> -b "cn=users,cn=accounts,dc=..." \
> '(&(objectClass=inetOrgPerson)(uid=user1))' \
> uid entryUUID
>
> The result is this one: (No entryUUID attribute)
> # user1, users, accounts, ...
> dn: uid=user1,cn=users,cn=accounts,dc=...
> uid: user1
>
> Can somebody please guide me on what's happening here?
> If you need more info just tell me.
> Thank you very much.
> ___
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure