<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 09/03/2015 09:02 AM, Prashant Bapat
wrote:<br>
</div>
<blockquote
cite="mid:CAN9aUriXMyaxeGUKvBv5szawJu64fH_3w4QtU9TDAM-r9X+V4g@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_default" style="font-family:'trebuchet
ms',sans-serif">Rich, </div>
<div class="gmail_default" style="font-family:'trebuchet
ms',sans-serif"><br>
</div>
<div class="gmail_default" style="font-family:'trebuchet
ms',sans-serif">Version is 389-ds-base-1.3.3.8-1.fc21.x86_64</div>
<div class="gmail_default" style="font-family:'trebuchet
ms',sans-serif"><br>
</div>
<div class="gmail_default" style="font-family:'trebuchet
ms',sans-serif">Below is the "ldapsearch" command that works
on the LDAP server.</div>
<div class="gmail_default" style="font-family:'trebuchet
ms',sans-serif"><br>
</div>
<blockquote style="margin:0 0 0 40px;border:none;padding:0px">
<div class="gmail_default" style=""><font face="monospace,
monospace">ldapsearch -x -b
"uid=testuser,cn=users,cn=accounts,dc=example,dc=com"</font></div>
</blockquote>
</div>
</blockquote>
<br>
<font face="monospace, monospace">In python this would be<br>
</font><br>
<font face="monospace, monospace"><font face="monospace, monospace">ldap.initialize(<a class="moz-txt-link-rfc2396E" href="ldap://localhost">"ldap://localhost"</a>)
[1]<br>
</font></font><font face="monospace, monospace"><font
face="monospace, monospace"><font face="monospace, monospace">conn.simple_bind_s()</font>
[2]</font></font>
<div class="gmail_default"><font face="monospace, monospace">response
= conn.search_s(</font><font face="monospace, monospace"><font
face="monospace, monospace">"uid=testuser,cn=users,cn=accounts,dc=example,dc=com"</font>,ldap.SCOPE_BASE)
[3]<br>
<br>
</font></div>
<font face="monospace, monospace"><font face="monospace, monospace">[1]
is different than "ipa.example.com" - so one possibility is that
DNS is not working correctly due to DS - but it depends on where
the script is hung<br>
[2] is the same - anonymous bind<br>
[3] assuming uid is "testuser", then the base is the same in
your python script - however, in your python script, you are
asking for a specific attribute list </font></font><font
face="monospace, monospace"><font face="monospace, monospace"><font
face="monospace, monospace">["ipaSshPubKey",
"ipaSshSigTimestamp", "loginshell"] - not sure why that would
make a difference<br>
<br>
So, inconclusive. Will need to see the stacktrace from gdb
when the server is hung.<br>
<br>
Also, do you have any errors in the errors log?<br>
</font><br>
</font></font>
<blockquote
cite="mid:CAN9aUriXMyaxeGUKvBv5szawJu64fH_3w4QtU9TDAM-r9X+V4g@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_default" style=""><font face="trebuchet ms,
sans-serif"><br>
</font></div>
<div class="gmail_default" style=""><font face="trebuchet ms,
sans-serif">Below is an excerpt of the python script.</font></div>
<div class="gmail_default" style=""><font face="trebuchet ms,
sans-serif"><br>
</font></div>
<blockquote style="margin:0 0 0 40px;border:none;padding:0px">
<div class="gmail_default" style="">
<div class="gmail_default"><font face="monospace, monospace">#!/usr/bin/env
python</font></div>
</div>
<div class="gmail_default" style="">
<div class="gmail_default"><font face="monospace, monospace">import
sys</font></div>
</div>
<div class="gmail_default" style="">
<div class="gmail_default"><font face="monospace, monospace">import
ldap</font></div>
</div>
<div class="gmail_default" style="">
<div class="gmail_default"><font face="monospace, monospace">from
ldap import LDAPError</font></div>
</div>
<div class="gmail_default" style="">
<div class="gmail_default"><font face="monospace, monospace"><br>
</font></div>
</div>
<div class="gmail_default" style="">
<div class="gmail_default"><font face="monospace, monospace">SUFFIX
= "dc=example,dc=com"</font></div>
</div>
<div class="gmail_default" style="">
<div class="gmail_default"><font face="monospace, monospace">LDAPSERVER
= "<a moz-do-not-send="true"
href="http://ipa.example.com">ipa.example.com</a>"</font></div>
</div>
<div class="gmail_default" style="">
<div class="gmail_default"><font face="monospace, monospace"><br>
</font></div>
</div>
<div class="gmail_default" style="">
<div class="gmail_default"><font face="monospace, monospace">if
not len(sys.argv) == 2:</font></div>
</div>
<div class="gmail_default" style="">
<div class="gmail_default"><font face="monospace, monospace">
raise sys.exit("Wrong arguments. Only argument should
be the username")</font></div>
</div>
<div class="gmail_default" style="">
<div class="gmail_default"><font face="monospace, monospace"><br>
</font></div>
</div>
<div class="gmail_default" style="">
<div class="gmail_default"><font face="monospace, monospace">uid
= sys.argv[1]</font></div>
</div>
<div class="gmail_default" style="">
<div class="gmail_default"><font face="monospace, monospace">search
= "uid=%s,cn=users,cn=accounts,%s" % (uid, SUFFIX)</font></div>
</div>
<div class="gmail_default" style="">
<div class="gmail_default"><font face="monospace, monospace"><br>
</font></div>
</div>
<div class="gmail_default" style="">
<div class="gmail_default"><font face="monospace, monospace">try:</font></div>
</div>
<div class="gmail_default" style="">
<div class="gmail_default"><font face="monospace, monospace">
conn = ldap.initialize(<a class="moz-txt-link-rfc2396E" href="ldap://%s">"ldap://%s"</a> % (LDAPSERVER))</font></div>
</div>
<div class="gmail_default" style="">
<div class="gmail_default"><font face="monospace, monospace">
conn.simple_bind_s()</font></div>
</div>
<div class="gmail_default" style="">
<div class="gmail_default"><font face="monospace, monospace">
response = conn.search_s(search ,ldap.SCOPE_BASE,
"(objectClass=*)", ["ipaSshPubKey",
"ipaSshSigTimestamp", "loginshell"])</font></div>
</div>
<div class="gmail_default" style="">
<div class="gmail_default"><font face="monospace, monospace">except
LDAPError, e:</font></div>
</div>
<div class="gmail_default" style="">
<div class="gmail_default"><font face="monospace, monospace">
print e</font></div>
</div>
<div class="gmail_default" style="">
<div class="gmail_default"><font face="monospace, monospace">
print "Error getting info from LDAP. Either wrong
username or issues with LDAP server "</font></div>
</div>
<div class="gmail_default" style="">
<div class="gmail_default"><font face="monospace, monospace">
raise sys.exit(-1)</font></div>
</div>
</blockquote>
<div class="gmail_default" style=""><font face="trebuchet ms,
sans-serif">
<div class="gmail_default"><br>
</div>
<div class="gmail_default"><br>
</div>
</font></div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 3 September 2015 at 19:17, Rich
Megginson <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><span class="">
<div>On 09/02/2015 09:45 PM, Prashant Bapat wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_default"
style="font-family:trebuchet ms,sans-serif">Hi,</div>
<div class="gmail_default"
style="font-family:trebuchet ms,sans-serif"><br>
</div>
<div class="gmail_default"
style="font-family:trebuchet ms,sans-serif">We
have been using 389-ds as part of FreeIPA. In one
of our environments, we have 2 389-ds
installations with replication. <br>
</div>
</div>
</blockquote>
<br>
</span> What version? rpm -q 389-ds-base<span class=""><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_default"
style="font-family:trebuchet ms,sans-serif"><br>
</div>
<div class="gmail_default"
style="font-family:trebuchet ms,sans-serif">Randomly,
the 389-ds on either of them completely freezes
and there are high number of CLOSE_WAITs on
tcp/389 port. <br>
</div>
</div>
</blockquote>
<br>
</span><a moz-do-not-send="true"
href="http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-hangs"
target="_blank">http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-hangs</a><span
class=""><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_default"
style="font-family:trebuchet ms,sans-serif"><br>
</div>
<div class="gmail_default"
style="font-family:trebuchet ms,sans-serif">Only
way to recover from this situation is to either
reboot or "kill -9" the ns-slapd process. Graceful
restarts get stuck indefinitely. </div>
<div class="gmail_default"
style="font-family:trebuchet ms,sans-serif"><br>
</div>
<div class="gmail_default"
style="font-family:trebuchet ms,sans-serif">One
curious thing when this happens, a search using
"ldapsearch" command seems to work but a search
using a python-ldap client does not. FreeIPA does
not work either. <br>
</div>
</div>
</blockquote>
<br>
</span> Can you be more specific? What is the exact
ldapsearch command line, and can you post/pastebin an
excerpt of your python-ldap script?<br>
<br>
<blockquote type="cite"><span class="">
<div dir="ltr">
<div class="gmail_default"
style="font-family:trebuchet ms,sans-serif"><br>
</div>
<div class="gmail_default"
style="font-family:trebuchet ms,sans-serif">Any
pointers on troubleshooting this would be
appreciated. </div>
<div class="gmail_default"
style="font-family:trebuchet ms,sans-serif"><br>
</div>
<div class="gmail_default"
style="font-family:trebuchet ms,sans-serif">Thanks.</div>
<div class="gmail_default"
style="font-family:trebuchet ms,sans-serif">--Prashant</div>
</div>
<br>
<fieldset></fieldset>
<br>
</span><span class="HOEnZb"><font color="#888888">
<pre>--
389 users mailing list
<a moz-do-not-send="true" href="mailto:389-users@lists.fedoraproject.org" target="_blank">389-users@lists.fedoraproject.org</a>
<a moz-do-not-send="true" href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre>
</font></span></blockquote>
<br>
</div>
<br>
--<br>
389 users mailing list<br>
<a moz-do-not-send="true"
href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a><br>
<a moz-do-not-send="true"
href="https://admin.fedoraproject.org/mailman/listinfo/389-users"
rel="noreferrer" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a><br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">--
389 users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a>
<a class="moz-txt-link-freetext" href="https://admin.fedoraproject.org/mailman/listinfo/389-users">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre>
</blockquote>
<br>
</body>
</html>