Bug 2204486

Summary: Old way of creating a Root Suffix no longer works with RHDS 12.
Product: Red Hat Directory Server
Reporter: Têko Mihinto <tmihinto>
Component: 389-ds-base
Assignee: LDAP Maintainers <idm-ds-dev-bugs>
Status: CLOSED NOTABUG
QA Contact: LDAP QA Team <idm-ds-qe-bugs>
Severity: medium
Docs Contact: Evgenia Martynyuk <emartyny>
Priority: unspecified
Version: 12.0
CC: idm-ds-dev-bugs, musoni, pasik, vashirov
Hardware: x86_64   
OS: Linux   
Last Closed: 2023-08-16 15:36:06 UTC
Type: Bug

Description Têko Mihinto 2023-05-15 17:13:21 UTC
Description of problem:
Creating a root suffix using an LDIF file is failing.

Version-Release number of selected component (if applicable):
$ cat /etc/redhat-release
Red Hat Enterprise Linux release 9.0 (Plow)
$

$ rpm -qa | grep ^389-ds
389-ds-base-libs-2.0.14-1.el9.x86_64
389-ds-base-2.0.14-1.el9.x86_64
$

How reproducible:
Always.

Steps to Reproduce:

1. Try to create a root suffix using an LDIF file:

$ cat /var/tmp/root_suffix.ldif
dn: cn="dc=example,dc=com",cn=mapping tree,cn=config
changetype: add
cn: dc=example,dc=com
objectclass: top
objectclass: extensibleObject
objectclass: nsMappingTree
nsslapd-state: backend
nsslapd-backend: UserData
$

$ ldapmodify -x -D "cn=Directory Manager" -W -H ldap://localhost:389 -y /root/DM.txt -f /var/tmp/root_suffix.ldif
adding new entry "cn="dc=example,dc=com",cn=mapping tree,cn=config"
ldap_add: Server is unwilling to perform (53)

$

2. Access log excerpt:

[15/May/2023:18:45:52.765402543 +0200] conn=8 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[15/May/2023:18:45:52.765654302 +0200] conn=8 op=0 RESULT err=0 tag=97 nentries=0 wtime=0.000138707 optime=0.000278963 etime=0.000414660 dn="cn=directory manager"
[15/May/2023:18:45:52.766222207 +0200] conn=8 op=1 ADD dn="cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config"
[15/May/2023:18:45:52.768894801 +0200] conn=8 op=1 RESULT err=53 tag=105 nentries=0 wtime=0.000212508 optime=0.002677374 etime=0.002883843

3. Errors log excerpt:

[15/May/2023:18:45:52.766414332 +0200] - ERR - mapping_tree_entry_add - The subtree dc=example,dc=com does not match any existing backends, and will not be created.


Actual results:
Failure to create the root suffix.

Expected results:
Successful creation.

Additional info:

The creation of the root suffix works fine if the backend definition is already present:

$ cat /var/tmp/backend.ldif
dn: cn=UserData,cn=ldbm database,cn=plugins,cn=config
changetype: add
objectclass: extensibleObject
objectclass: nsBackendInstance
nsslapd-suffix: dc=example,dc=com
$

$ ldapmodify -x -D "cn=Directory Manager" -W -H ldap://localhost:389 -y /root/DM.txt -f /var/tmp/backend.ldif
adding new entry "cn=UserData,cn=ldbm database,cn=plugins,cn=config"

$
$ ldapmodify -x -D "cn=Directory Manager" -W -H ldap://localhost:389 -y /root/DM.txt -f /var/tmp/root_suffix.ldif
adding new entry "cn="dc=example,dc=com",cn=mapping tree,cn=config"

$

In older RHDS 10 documentation [1], the steps are detailed in the following order:
* 2.1.1.3. Creating Root and Sub Suffixes using the Command Line
* 2.2.1.2. Creating a New Database for a Single Suffix from the Command Line

Thus some customers have scripts which are trying to create the root suffix prior to adding the backend definition.

Using any order works fine with both RHDS 10 and RHDS 11.

[1] https://access.redhat.com/sites/default/files/attachments/red_hat_directory_server-10-administration_guide-en-us_part-1.pdf
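
An added pre-flight check for provisioning scripts affected by the ordering described in this report (example code, not part of the report or of 389-ds): it flags every nsMappingTree add whose backend has not been defined earlier in the LDIF or declared as already present on the server. It assumes the link between the two entries is the nsslapd-backend value matching the cn of an nsBackendInstance entry, as in the reporter's files; the function names are hypothetical.

```python
# Added example, not from the report. Assumption: a mapping tree entry names its
# backend in nsslapd-backend, matching the cn of an nsBackendInstance entry.
# SAMPLE_LDIF is constructed: the report's two entries in the rejected order.
SAMPLE_LDIF = """\
dn: cn="dc=example,dc=com",cn=mapping tree,cn=config
changetype: add
cn: dc=example,dc=com
objectclass: top
objectclass: extensibleObject
objectclass: nsMappingTree
nsslapd-state: backend
nsslapd-backend: UserData

dn: cn=UserData,cn=ldbm database,cn=plugins,cn=config
changetype: add
objectclass: extensibleObject
objectclass: nsBackendInstance
nsslapd-suffix: dc=example,dc=com
"""

def parse_entries(text):
    """Split LDIF into {attr: [values]} dicts; base64 ('::') values are not decoded."""
    entries = []
    for block in text.replace("\r\n", "\n").split("\n\n"):
        entry = {}
        for line in block.replace("\n ", "").split("\n"):  # unfold continuations
            if line and not line.startswith("#"):
                attr, _, value = line.partition(":")
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def misordered_suffixes(text, existing_backends=()):
    """List (mapping tree DN, backend) adds whose backend is not yet defined."""
    known = {name.lower() for name in existing_backends}
    problems = []
    for entry in parse_entries(text):
        classes = {c.lower() for c in entry.get("objectclass", [])}
        if "nsbackendinstance" in classes:
            # Backend name is the value of the first RDN of the entry's DN.
            known.add(entry["dn"][0].split(",")[0].partition("=")[2].strip().lower())
        elif "nsmappingtree" in classes:
            for backend in entry.get("nsslapd-backend", []):
                if backend.lower() not in known:
                    problems.append((entry["dn"][0], backend))
    return problems

if __name__ == "__main__":
    print(misordered_suffixes(SAMPLE_LDIF))
```

Pass the names of backends that already exist on the instance via `existing_backends` so that a file containing only the mapping tree entry is not flagged.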