When I back up my directory server, I see a bunch of entries in the resulting LDIF which only include the RDN rather than the full DN. Here is one example:
# entry-id: 3 dn: ou=Groups nsUniqueId: 59ac5a03-1dce11ee-ae5b886f-9de8b2ea objectClass: top objectClass: organizationalunit ou: Groups creatorsName: cn=directory manager modifiersName: cn=directory manager createTimestamp: 20230708203145Z modifyTimestamp: 20230708203145Z I can’t find that entry when I search for its nsUniqueId. Restoring the LDIF to a new DS on a fresh OS install must put the entries in there, as they show up in the new system's backups; but ldapsearch can’t find them and affected user accounts are unusable. The command I’m using for the backup is: /usr/sbin/dsconf -D "$bind_dn" -y $pass_file ldap://localhost backend export -l $ldif_file userRoot The command for restores is likewise: /usr/sbin/dsconf -vvv -D "$bind_dn" -y $pass_file ldap://localhost backend import userRoot $ldif_file We loop checking the status of the import task, and when it has completed run a reindex. The LDIF file has 16,000 entries: 10000 with “good” DNs and 6000 with “bad” DNs: $ grep "^dn:" userRoot-latest.ldif | grep ',' | wc -l 9953 $ grep "^dn:" userRoot-latest.ldif | grep -v ',' | wc -l 5957 My system is running Rocky Linux 8.10 with 389-ds-base-2.0.15-1.module_el8+14185+adb3f555.x86_64. Anyone have any idea what’s going on, and how I might fix it? Have I missed something in the documentation? Thanks, James This email and any attachments are intended solely for the use of the individual or entity to whom it is addressed and may be confidential and/or privileged. If you are not one of the named recipients or have received this email in error, (i) you should not read, disclose, or copy it, (ii) please notify sender of your receipt by reply email and delete this email and all attachments, (iii) Dassault Systèmes does not accept or assume any liability or responsibility for any use of or reliance on this email. Please be informed that your personal data are processed according to our data privacy policy as described on our website. Should you have any questions related to personal data protection, please contact 3DS Data Protection Officer https://www.3ds.com/privacy-policy/contact/
-- _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
