Sorry! I mistyped the uri where the user is found (this happens because I saw this behaviour on the real configuration and I had to massage it). The search command, issued from the openldap server itself, is:
ldapsearch -xLLL -H ldap:/// -D "cn=LdapBindUser,dc=newco,dc=com" -w secret1 -E pr=647/noprompt -b 'DC=newco,DC=com' 'sn=policastro' dn
I find two records, one correct and one unexpected:
dn: cn=Policastro Francesco,ou=Users,ou=2nd-location,dc=first,dc=newco,dc=com (matches the line marked with *)
dn: cn=Policastro Francesco,ou=UsersDisable,dc=second,dc=newco,dc=com
Francesco Policastro
From: Pierangelo Masarati masarati@aero.polimi.it
To: openldap-technical@openldap.org
Date: 27/02/2013 10:36
Subject: Re: meta backend subtree directive ignored by conversion to cn=config
Sent by: openldap-technical-bounces@OpenLDAP.org
On 02/26/2013 02:19 PM, francesco.policastro@selex-es.com wrote:
Even worse: if I start the server using slapd.conf, not cn=config, the subtree-include directives seem to be ignored. With reference to the previously attached file, if I search users from the root ("dc=newco,dc=com") I find them also outside the included subtrees; e.g. I find users under "ou=UsersDisable, ou=Users,ou=2nd-location,dc=first,dc=newco,dc=com". Is there anything wrong in my config file? Did I misunderstand the directive?
According to your configuration file, whose relevant directives I summarized below, the entry
"ou=UsersDisable,ou=Users,ou=2nd-location,dc=first,dc=newco,dc=com"
matches the 3rd subtree-include of the 1st target (marked with [*]).
So it seems to behave as intended.
p.
-----
database meta
suffix "dc=newco,dc=com"
...
uri "ldap://server1.it.domain1.com/dc=first,dc=newco,dc=com"
...
subtree-include "ou=Applications,ou=Groups Shared,dc=first,dc=newco,dc=com"
subtree-include "ou=Users,ou=1st-location,dc=first,dc=newco,dc=com"
subtree-include "ou=Users,ou=2nd-location,dc=first,dc=newco,dc=com" [*]
subtree-include "ou=Users,ou=3rd-location,dc=first,dc=newco,dc=com"
...
uri "ldap://server2.domain2.net/ou=organizationalUnit,dc=second,dc=newco,dc=com"
...
subtree-include "ou=Users,ou=1st-location,ou=organizationalUnit,dc=second,dc=newco,dc=com"
subtree-include "ou=My-ou,ou=1st-location,ou=organizationalUnit,dc=second,dc=newco,dc=com"
subtree-include "ou=Remote Sites,ou=organizationalUnit,dc=second,dc=newco,dc=com"
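An added example, not part of the thread and not OpenLDAP code: a small audit check that parses the uri and subtree-include directives summarized above and reports which include, if any, covers a DN returned by a search. The function names are hypothetical, and the DN comparison is a simplified case-insensitive RDN-suffix match (an assumption, not slapd's own DN normalization).

```python
import re
import shlex
from urllib.parse import urlparse, unquote

# Constructed sample: the directives summarized in the thread, elisions dropped.
SAMPLE_CONF = '''
database meta
suffix "dc=newco,dc=com"
uri "ldap://server1.it.domain1.com/dc=first,dc=newco,dc=com"
subtree-include "ou=Applications,ou=Groups Shared,dc=first,dc=newco,dc=com"
subtree-include "ou=Users,ou=1st-location,dc=first,dc=newco,dc=com"
subtree-include "ou=Users,ou=2nd-location,dc=first,dc=newco,dc=com"
subtree-include "ou=Users,ou=3rd-location,dc=first,dc=newco,dc=com"
uri "ldap://server2.domain2.net/ou=organizationalUnit,dc=second,dc=newco,dc=com"
subtree-include "ou=Users,ou=1st-location,ou=organizationalUnit,dc=second,dc=newco,dc=com"
subtree-include "ou=My-ou,ou=1st-location,ou=organizationalUnit,dc=second,dc=newco,dc=com"
subtree-include "ou=Remote Sites,ou=organizationalUnit,dc=second,dc=newco,dc=com"
'''

def rdns(dn):
    """Split a DN into lowercased, trimmed RDNs (assumed, simplified normalization)."""
    return [p.strip().lower() for p in re.split(r'(?<!\\),', dn) if p.strip()]

def is_under(dn, base):
    """True if dn equals base or lies below it in the tree."""
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def parse_targets(conf):
    """Return one {'base': naming context, 'includes': [...]} per uri directive."""
    targets = []
    for line in conf.splitlines():
        words = shlex.split(line, comments=True)
        if len(words) < 2:
            continue
        if words[0].lower() == "uri":
            targets.append({"base": unquote(urlparse(words[1]).path.lstrip("/")), "includes": []})
        elif words[0].lower() == "subtree-include" and targets:
            targets[-1]["includes"].append(words[1])
    return targets

def covering_include(dn, targets):
    """Return the first subtree-include that covers dn, or None if no include does."""
    for t in targets:
        for inc in t["includes"]:
            if is_under(dn, t["base"]) and is_under(dn, inc):
                return inc
    return None
```

Run over the DNs in the thread, the "ou=UsersDisable, ou=Users,ou=2nd-location,..." entry resolves to the include marked [*], while `cn=Policastro Francesco,ou=UsersDisable,dc=second,dc=newco,dc=com` from the corrected search returns None.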