Hi,
the compat tree is not replicated, it is a virtual tree created locally on each server. Do you have exactly the same packages for slapi-nis on both replicas? There were some known issues with the compat tree related to base searches and different versions may produce a different behavior because of this known issue. For instance see *Bug 1979619* https://bugzilla.redhat.com/show_bug.cgi?id=1979619 - With base object scope, ldapsearch against compat tree does not return any data on Rhel8 IPA servers.
HTH, flo
On Tue, Feb 28, 2023 at 4:02 AM danila kuzovlev via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
No, there isn't AD users in my FreeIPA domain. We use a role-based access to resources, and it is a reason why I search in compat - in many situations we need to see indirect member UIDs in groups. The point is that the output is not the same for X.X.X.X and Y.Y.Y.Y replicas. May be I expressed incorrectly, but in fact I have a two questions:
- Why same ldapsearch question to different replicas in FreeIPA return
different results? In the post above replica X.X.X.X has no entries in answer, but replica Y.Y.Y.Y has one entry 2) Why replica X.X.X.X with search in SUBTREE scope returns one entry, but with BASE scope there is no entries in answer. I would like advice on where to look the answer of this replica's behavior. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue