On 02/26/2013 02:19 PM, francesco.policastro@selex-es.com wrote:

Even worse: if I start the server using slapd.conf, not cn=config, the subtree-include directives seem to be ignored. With reference to the previously attached file if I search users from the root ( "dc=newco,dc=com") I find them also outside the included subtrees; e.g I find users under "ou=UsersDisable, ou=Users,ou=2nd-location,dc=first,dc=newco,dc=com". Is it there anything wrong in my config file? Did I misunderstand the directive?

According to your configuration file, whose relevant directives I summarized below, the entry

"ou=UsersDisable,ou=Users,ou=2nd-location,dc=first,dc=newco,dc=com"

matches the 3rd subtree-include of the 1st target (marked with [*]).

So it seems to behave as intended.

p.

-----

database meta suffix "dc=newco,dc=com" ... uri "ldap://server1.it.domain1.com/dc=first,dc=newco,dc=com" ... subtree-include "ou=Applications,ou=Groups Shared,dc=first,dc=newco,dc=com" subtree-include "ou=Users,ou=1st-location,dc=first,dc=newco,dc=com" subtree-include "ou=Users,ou=2nd-location,dc=first,dc=newco,dc=com" [*] subtree-include "ou=Users,ou=3rd-location,dc=first,dc=newco,dc=com" ...

uri "ldap://server2.domain2.net/ou=organizationalUnit,dc=second,dc=newco,dc=com" ... subtree-include "ou=Users,ou=1st-location,ou=organizationalUnit,dc=second,dc=newco,dc=com" subtree-include "ou=My-ou,ou=1st-location,ou=organizationalUnit,dc=second,dc=newco,dc=com" subtree-include "ou=Remote Sites,ou=organizationalUnit,dc=second,dc=newco,dc=com"