[389-users] Re: DNA plugin not working

Hi Mark, Thanks for getting back to me. After adjusting nsslapd-errorlog-level, here’s what I’ve got. # grep dna-plugin /var/log/dirsrv/slapd-example/errors [13/Apr/2020:14:30:00.480608036 -0400] - DEBUG - dna-plugin - _dna_pre_op_add - dn does not match filter [13/Apr/2020:14:30:00.486700059 -0400] - DEBUG - dna-plugin - _dna_pre_op_add - adding uidNumber to uid=testuser1,ou=People,dc=example,dc=com as -2 [13/Apr/2020:14:30:00.559245389 -0400] - DEBUG - dna-plugin - _dna_pre_op_add - retrieved value 0 ret 1 [13/Apr/2020:14:30:00.561303217 -0400] - ERR - dna-plugin - _dna_pre_op_add - Failed to allocate a new ID!! 2 [13/Apr/2020:14:30:00.571360868 -0400] - DEBUG - dna-plugin - dna_pre_op - Operation failure [1] And here’s the DNA config: dn: cn=UID numbers,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config objectClass: top objectClass: extensibleObject cn: UID numbers dnaType: uidNumber dnamaxvalue: 100000 dnamagicregen: 0 dnafilter: (objectclass=posixAccount) dnascope: dc=example,dc=com dnanextvalue: 25000 dn: cn=GID numbers,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config objectClass: top objectClass: extensibleObject cn: GID numbers dnaType: gidNumber dnamaxvalue: 100000 dnamagicregen: 0 dnafilter: (objectclass=posixGroup) dnascope: dc=example,dc=com dnanextvalue: 25000 Best regards, James > On Apr 13, 2020, at 2:25 PM, Mark Reynolds <mreynolds(a)redhat.com&gt; wrote: > > Enabling plugin logging will provide a little more detail about what is going wrong: > > ldapmodify -D "cn=directory manager" -W > dn: cn=config > changetype: modify > replace: nsslapd-errorlog-level > nsslapd-errorlog-level: 65536 > > > After running the test you can disable the debug plugin logging by setting the log level to zero. > > Then share what information is logging when you add a new user. This is most likely a configuration error so hopefully we can find out what went wrong in your set up. Can you also provide the DNA config entries? > > Thanks, > > Mark > > On 4/13/20 1:50 PM, CHAMBERLAIN James wrote: >> Hi all, >> >> I’m trying to use the DNA plugin to add uidNumbers on posixAccounts. Everything worked fine in testing, but now that it’s in production I’m seeing the following error: >> >> ERR - dna-plugin -_dna_pre_op_add - Failed to allocate a new ID!! 2 >> >> I’ve followed the advice in the knowledge base (https://access.redhat.com/solutions/875133), about adding an equality index with an nsMatchingRule of integerOrderingMatch, but have not seen any difference in the server’s behavior. Any ideas what I should try next? >> >> Thanks, >> >> James >> This email and any attachments are intended solely for the use of the individual or entity to whom it is addressed and may be confidential and/or privileged. >> If you are not one of the named recipients or have received this email in error, >> (i) you should not read, disclose, or copy it, >> (ii) please notify sender of your receipt by reply email and delete this email and all attachments, >> (iii) Dassault Systèmes does not accept or assume any liability or responsibility for any use of or reliance on this email. >> >> Please be informed that your personal data are processed according to our data privacy policy as described on our website. Should you have any questions related to personal data protection, please contact 3DS Data Protection Officer at 3DS.compliance-privacy(a)3ds.com >> >> For other languages, go to https://www.3ds.com/terms/email-disclaimer >> >> >> _______________________________________________ >> 389-users mailing list -- >> 389-users(a)lists.fedoraproject.org >> >> To unsubscribe send an email to >> 389-users-leave(a)lists.fedoraproject.org >> >> Fedora Code of Conduct: >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> >> List Guidelines: >> https://fedoraproject.org/wiki/Mailing_list_guidelines >> >> List Archives: >> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje... > -- > > 389 Directory Server Development Team > This email and any attachments are intended solely for the use of the individual or entity to whom it is addressed and may be confidential and/or privileged. If you are not one of the named recipients or have received this email in error, (i) you should not read, disclose, or copy it, (ii) please notify sender of your receipt by reply email and delete this email and all attachments, (iii) Dassault Systèmes does not accept or assume any liability or responsibility for any use of or reliance on this email. Please be informed that your personal data are processed according to our data privacy policy as described on our website. Should you have any questions related to personal data protection, please contact 3DS Data Protection Officer at 3DS.compliance-privacy@3ds.com<mailto:3DS.compliance-privacy@3ds.com> For other languages, go to https://www.3ds.com/terms/email-disclaimer