Ben Steeves wrote:
On 5/29/06, Richard Megginson <rmeggins(a)redhat.com> wrote:
> > On a test server, I've set up a "master" suffix,
"dc=com", and created
> > directory links to "dc=one,dc=com" and "dc=two,dc=com".
I've added
> > the proxy ACI on the One and Two LDAP directories. When I search the
> > test server, I can successfully find objects in the One tree, so it's
> > half working -- but the Two tree doesn't work. I've check and
> > re-checked and everything appears kosher.
> Does the other LDAP server have dc=com and two sub suffixes
> dc=one,dc=com and dc=two,dc=com? Each with their own "real" database?
Thanks for taking the time to reply, Richard...
The server with the real databases has two suffixes: "dc=one,dc=com"
and "dc=two,dc=com". "dc=com" doesn't exist. Both suffixes have
real
databaes and work if I query them individually.
I wouldn't be so frustrated if nothing was working, but the fact that
searching with a base of "dc=com" for a UID that appears in
"dc=one,dc=com" works but searching for a UID that appears in
"dc=two,dc=com" doesn't is what's really bugging me. I went so far as
deleting the "dc=one,dc=com" link, but the Two link still doesn't
work, even if it's the only one. The root ACIs on One and Two are
exactly the same (with the obvious changes for the different suffixes
of course).
You could try enabling the trace level logging and the plugin level
logging for the error log - perhaps there is a clue in the error log.
> >
> > Am I barking up the wrong tree? Is there an easier way to do this?
> > Should I give up and take up basket weaving as a nice, harmless job,
> > and forget systems administration altogether?
> It's difficult to say for sure without reviewing all of your
> configuration.
Anything semi-specific you'd be curious about?