<div dir="ltr"><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif">Rich, </div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif"><br></div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif">Version is 389-ds-base-1.3.3.8-1.fc21.x86_64</div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif"><br></div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif">Below is the "ldapsearch" command that works on the LDAP server.</div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif"><br></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div class="gmail_default" style=""><font face="monospace, monospace">ldapsearch -x -b "uid=testuser,cn=users,cn=accounts,dc=example,dc=com"</font></div></blockquote><div class="gmail_default" style=""><font face="trebuchet ms, sans-serif"><br></font></div><div class="gmail_default" style=""><font face="trebuchet ms, sans-serif">Below is an excerpt of the python script.</font></div><div class="gmail_default" style=""><font face="trebuchet ms, sans-serif"><br></font></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div class="gmail_default" style=""><div class="gmail_default"><font face="monospace, monospace">#!/usr/bin/env python</font></div></div><div class="gmail_default" style=""><div class="gmail_default"><font face="monospace, monospace">import sys</font></div></div><div class="gmail_default" style=""><div class="gmail_default"><font face="monospace, monospace">import ldap</font></div></div><div class="gmail_default" style=""><div class="gmail_default"><font face="monospace, monospace">from ldap import LDAPError</font></div></div><div class="gmail_default" style=""><div class="gmail_default"><font face="monospace, monospace"><br></font></div></div><div class="gmail_default" style=""><div class="gmail_default"><font face="monospace, monospace">SUFFIX = "dc=example,dc=com"</font></div></div><div class="gmail_default" style=""><div class="gmail_default"><font face="monospace, monospace">LDAPSERVER = "<a href="http://ipa.example.com">ipa.example.com</a>"</font></div></div><div class="gmail_default" style=""><div class="gmail_default"><font face="monospace, monospace"><br></font></div></div><div class="gmail_default" style=""><div class="gmail_default"><font face="monospace, monospace">if not len(sys.argv) == 2:</font></div></div><div class="gmail_default" style=""><div class="gmail_default"><font face="monospace, monospace"> raise sys.exit("Wrong arguments. Only argument should be the username")</font></div></div><div class="gmail_default" style=""><div class="gmail_default"><font face="monospace, monospace"><br></font></div></div><div class="gmail_default" style=""><div class="gmail_default"><font face="monospace, monospace">uid = sys.argv[1]</font></div></div><div class="gmail_default" style=""><div class="gmail_default"><font face="monospace, monospace">search = "uid=%s,cn=users,cn=accounts,%s" % (uid, SUFFIX)</font></div></div><div class="gmail_default" style=""><div class="gmail_default"><font face="monospace, monospace"><br></font></div></div><div class="gmail_default" style=""><div class="gmail_default"><font face="monospace, monospace">try:</font></div></div><div class="gmail_default" style=""><div class="gmail_default"><font face="monospace, monospace"> conn = ldap.initialize("ldap://%s" % (LDAPSERVER))</font></div></div><div class="gmail_default" style=""><div class="gmail_default"><font face="monospace, monospace"> conn.simple_bind_s()</font></div></div><div class="gmail_default" style=""><div class="gmail_default"><font face="monospace, monospace"> response = conn.search_s(search ,ldap.SCOPE_BASE, "(objectClass=*)", ["ipaSshPubKey", "ipaSshSigTimestamp", "loginshell"])</font></div></div><div class="gmail_default" style=""><div class="gmail_default"><font face="monospace, monospace">except LDAPError, e:</font></div></div><div class="gmail_default" style=""><div class="gmail_default"><font face="monospace, monospace"> print e</font></div></div><div class="gmail_default" style=""><div class="gmail_default"><font face="monospace, monospace"> print "Error getting info from LDAP. Either wrong username or issues with LDAP server "</font></div></div><div class="gmail_default" style=""><div class="gmail_default"><font face="monospace, monospace"> raise sys.exit(-1)</font></div></div></blockquote><div class="gmail_default" style=""><font face="trebuchet ms, sans-serif"><div class="gmail_default"><br></div><div class="gmail_default"><br></div></font></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 3 September 2015 at 19:17, Rich Megginson <span dir="ltr"><<a href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><span class="">
<div>On 09/02/2015 09:45 PM, Prashant Bapat
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_default" style="font-family:trebuchet ms,sans-serif">Hi,</div>
<div class="gmail_default" style="font-family:trebuchet ms,sans-serif"><br>
</div>
<div class="gmail_default" style="font-family:trebuchet ms,sans-serif">We have been using 389-ds as part of FreeIPA.
In one of our environments, we have 2 389-ds installations
with replication. <br>
</div>
</div>
</blockquote>
<br></span>
What version? rpm -q 389-ds-base<span class=""><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_default" style="font-family:trebuchet ms,sans-serif"><br>
</div>
<div class="gmail_default" style="font-family:trebuchet ms,sans-serif">Randomly, the 389-ds on either of them
completely freezes and there are high number of CLOSE_WAITs on
tcp/389 port. <br>
</div>
</div>
</blockquote>
<br>
</span><a href="http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-hangs" target="_blank">http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-hangs</a><span class=""><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_default" style="font-family:trebuchet ms,sans-serif"><br>
</div>
<div class="gmail_default" style="font-family:trebuchet ms,sans-serif">Only way to recover from this situation is to
either reboot or "kill -9" the ns-slapd process. Graceful
restarts get stuck indefinitely. </div>
<div class="gmail_default" style="font-family:trebuchet ms,sans-serif"><br>
</div>
<div class="gmail_default" style="font-family:trebuchet ms,sans-serif">One curious thing when this happens, a search
using "ldapsearch" command seems to work but a search using a
python-ldap client does not. FreeIPA does not work either. <br>
</div>
</div>
</blockquote>
<br></span>
Can you be more specific? What is the exact ldapsearch command
line, and can you post/pastebin an excerpt of your python-ldap
script?<br>
<br>
<blockquote type="cite"><span class="">
<div dir="ltr">
<div class="gmail_default" style="font-family:trebuchet ms,sans-serif"><br>
</div>
<div class="gmail_default" style="font-family:trebuchet ms,sans-serif">Any pointers on troubleshooting this would be
appreciated. </div>
<div class="gmail_default" style="font-family:trebuchet ms,sans-serif"><br>
</div>
<div class="gmail_default" style="font-family:trebuchet ms,sans-serif">Thanks.</div>
<div class="gmail_default" style="font-family:trebuchet ms,sans-serif">--Prashant</div>
</div>
<br>
<fieldset></fieldset>
<br>
</span><span class="HOEnZb"><font color="#888888"><pre>--
389 users mailing list
<a href="mailto:389-users@lists.fedoraproject.org" target="_blank">389-users@lists.fedoraproject.org</a>
<a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre>
</font></span></blockquote>
<br>
</div>
<br>--<br>
389 users mailing list<br>
<a href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a><br>
<a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" rel="noreferrer" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a><br></blockquote></div><br></div>