RHDS 11 is returning entries from separate root suffixes.
Issue
After creating separate root suffixes ( one having as ending DN the DN of the shorter suffix - eg: ou=customers,dc=example,dc=com and dc=example,dc=com ), search operations behave differently depending of the RHDS version:
- RHDS 10: a search on the shorter suffix returns matching entries only from the related backend.
- RHDS 11: a search on the shorter suffix returns also matching entries from other backend(s).
For instance:
- There are two defined suffixes:
$ dsconf -D "cn=Directory Manager" ldaps://localhost:636 backend suffix list
Enter password for cn=Directory Manager on ldaps://localhost:636:
dc=example,dc=com (exampledb)
ou=customers,dc=example,dc=com (customersdb)
$
- There is no sub-suffix:
$ grep -ic parent-suffix /etc/dirsrv/slapd-<INSTANCE>/dse.ldif
0
$
- A search is returning data from the other root suffix:
$ ldapsearch -xLLL -H ldaps://localhost:636 -D "cn=Directory Manager" -W -b "dc=example,dc=com" uid=demo_user 1.1
Enter LDAP Password:
dn: uid=demo_user,ou=people,dc=example,dc=com
dn: uid=demo_user,ou=people,ou=customers,dc=example,dc=com
$
Environment
Red Hat Directory Server 11
Red Hat Enterprise Linux 8
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
