Bug 2204486 - Old way of creating a Root Suffix no longer works with RHDS 12.
Summary: Old way of creating a Root Suffix no longer works with RHDS 12.
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Directory Server
Classification: Red Hat
Component: 389-ds-base
Version: 12.0
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
: ---
Assignee: LDAP Maintainers
QA Contact: LDAP QA Team
Evgenia Martynyuk
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-05-15 17:13 UTC by Têko Mihinto
Modified: 2023-08-16 15:36 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-08-16 15:36:06 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 7013239 0 None None None 2023-05-16 09:08:31 UTC

Description Têko Mihinto 2023-05-15 17:13:21 UTC 
Description of problem:
Creating a root suffix using an LDIF file is failing.

Version-Release number of selected component (if applicable):
$ cat /etc/redhat-release
Red Hat Enterprise Linux release 9.0 (Plow)
$

$ rpm -qa | grep ^389-ds
389-ds-base-libs-2.0.14-1.el9.x86_64
389-ds-base-2.0.14-1.el9.x86_64
$

How reproducible:
Always.

Steps to Reproduce:

1. Try to create a root suffix using an LDIF file:

$ cat /var/tmp/root_suffix.ldif
dn: cn="dc=example,dc=com",cn=mapping tree,cn=config
changetype: add
cn: dc=example,dc=com
objectclass: top
objectclass: extensibleObject
objectclass: nsMappingTree
nsslapd-state: backend
nsslapd-backend: UserData
$

$ ldapmodify -x -D "cn=Directory Manager" -W -H ldap://localhost:389 -y /root/DM.txt -f /var/tmp/root_suffix.ldif
adding new entry "cn="dc=example,dc=com",cn=mapping tree,cn=config"
ldap_add: Server is unwilling to perform (53)

$

2. Access log excerpt:

[15/May/2023:18:45:52.765402543 +0200] conn=8 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[15/May/2023:18:45:52.765654302 +0200] conn=8 op=0 RESULT err=0 tag=97 nentries=0 wtime=0.000138707 optime=0.000278963 etime=0.000414660 dn="cn=directory manager"
[15/May/2023:18:45:52.766222207 +0200] conn=8 op=1 ADD dn="cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config"
[15/May/2023:18:45:52.768894801 +0200] conn=8 op=1 RESULT err=53 tag=105 nentries=0 wtime=0.000212508 optime=0.002677374 etime=0.002883843

3. Errors log excerpt:

[15/May/2023:18:45:52.766414332 +0200] - ERR - mapping_tree_entry_add - The subtree dc=example,dc=com does not match any existing backends, and will not be created.


Actual results:
Failure to create the root suffix.

Expected results:
Successful creation.

Additional info:

The creation of the root suffix works fine if the backend definition is already present:

$ cat /var/tmp/backend.ldif
dn: cn=UserData,cn=ldbm database,cn=plugins,cn=config
changetype: add
objectclass: extensibleObject
objectclass: nsBackendInstance
nsslapd-suffix: dc=example,dc=com
$

$ ldapmodify -x -D "cn=Directory Manager" -W -H ldap://localhost:389 -y /root/DM.txt -f /var/tmp/backend.ldif
adding new entry "cn=UserData,cn=ldbm database,cn=plugins,cn=config"

$
$ ldapmodify -x -D "cn=Directory Manager" -W -H ldap://localhost:389 -y /root/DM.txt -f /var/tmp/root_suffix.ldif
adding new entry "cn="dc=example,dc=com",cn=mapping tree,cn=config"

$

In older RHDS 10 documentation [1], the steps are detailed in the following order:
* 2.1.1.3. Creating Root and Sub Suffixes using the Command Line
* 2.2.1.2. Creating a New Database for a Single Suffix from the Command Line

Thus some customers have scripts which are trying to create the root suffix prior to adding the backend definition.

Using any order works fine with both RHDS 10 and RHDS 11.

[1] https://access.redhat.com/sites/default/files/attachments/red_hat_directory_server-10-administration_guide-en-us_part-1.pdf
Note You need to log in before you can comment on or make changes to this bug.