This is an automated email from the git hooks/post-receive script.

mreynolds pushed a commit to branch 389-ds-base-1.3.5 in repository 389-ds-base.

commit f05756349bc716c0a3aec96635a7d8b5bb07df7c Author: Mark Reynolds mreynolds@redhat.com Date: Mon Mar 20 17:35:10 2017 -0400

Issue 49065 - dbmon.sh fails if you have nsslapd-require-secure-binds enabled

Description: Add the ability to detect if security is enabled, if so connect using start TLS. Added a new param SERVID for specifying which instance you want to look at.

https://pagure.io/389-ds-base/issue/49065

Reviewed by: firstyear(Thanks!)

(cherry picked from commit eef2ee8f13d08ff713daa4b6ea539656ccf043ee) --- Makefile.am | 1 + ldap/admin/src/scripts/{dbmon.sh => dbmon.sh.in} | 62 ++++++++++++++++++++++-- man/man8/dbmon.sh.8 | 14 +++--- 3 files changed, 65 insertions(+), 12 deletions(-)

diff --git a/Makefile.am b/Makefile.am index 7458ab7..01ed664 100644 --- a/Makefile.am +++ b/Makefile.am @@ -156,6 +156,7 @@ CLEANFILES = dberrstrs.h ns-slapd.properties \ ldap/admin/src/scripts/usn-tombstone-cleanup.pl ldap/admin/src/scripts/verify-db.pl \ ldap/admin/src/scripts/ds_selinux_port_query ldap/admin/src/scripts/ds_selinux_enabled \ ldap/admin/src/scripts/dbverify ldap/admin/src/scripts/readnsstate \ + ldap/admin/src/scripts/dbmon.sh \ $(NULL)

clean-local: diff --git a/ldap/admin/src/scripts/dbmon.sh b/ldap/admin/src/scripts/dbmon.sh.in old mode 100755 new mode 100644 similarity index 81% rename from ldap/admin/src/scripts/dbmon.sh rename to ldap/admin/src/scripts/dbmon.sh.in index 3b8b4d1..4ee6adc --- a/ldap/admin/src/scripts/dbmon.sh +++ b/ldap/admin/src/scripts/dbmon.sh.in @@ -8,10 +8,11 @@ # END COPYRIGHT BLOCK #

+. @datadir@/@package_name@/data/DSSharedLib + DURATION=${DURATION:-0} INCR=${INCR:-1} -HOST=${HOST:-localhost} -PORT=${PORT:-389} +SERVID=${SERVID} BINDDN=${BINDDN:-"cn=directory manager"} BINDPW=${BINDPW:-"secret"} DBLIST=${DBLIST:-all} @@ -180,10 +181,63 @@ parseldif() { }

dodbmon() { + initfile=$(get_init_file "@initconfigdir@" $SERVID) + if [ $? -eq 1 ] + then + echo "You must supply a valid server instance identifier (via SERVID)." + echo "Available instances: $initfile" + exit 1 + fi + + . $initfile + + process_dse $CONFIG_DIR $$ + file="/tmp/DSSharedLib.$$" + port=$(grep -i 'nsslapd-port' $file | awk '{print $2}' ) + host=$(grep -i 'nsslapd-localhost' $file | awk '{print $2}' ) + security=$(grep -i 'nsslapd-security' $file | awk '{print $2}' ) + certdir=$(grep -i 'nsslapd-certdir' $file | awk '{print $2}' ) + rm $file + + if [ -n "$ldapiURL" ] + then + ldapiURL=`echo "$ldapiURL" | sed -e 's///%2f/g'` + ldapiURL="ldapi://"$ldapiURL + fi + + client_type=`ldapsearch -V 2>&1`; + echo "$client_type" | grep -q "OpenLDAP" + if [ $? -eq 0 ] + then + openldap="yes" + export LDAPTLS_CACERTDIR=$certdir + fi + + if [ -z $security ]; then + security="off" + fi + while [ 1 ] ; do date - ldapsearch -xLLL -h $HOST -p $PORT -D "$BINDDN" -w "$BINDPW" -b "$ldbmdn" '(|(cn=config)(cn=database)(cn=monitor))' \ - | parseldif + if [ "$security" = "on" ]; then + # STARTTLS + if [ "$openldap" = "yes" ]; then + ldapsearch -x -LLL -ZZ -h $host -p $port -D "$BINDDN" -w "$BINDPW" -b "$ldbmdn" '(|(cn=config)(cn=database)(cn=monitor))' \ + | parseldif + else + ldapsearch -ZZZ -P $certdir -h $host -p $port -D "$BINDDN" -w "$BINDPW" -b "$ldbmdn" '(|(cn=config)(cn=database)(cn=monitor))' \ + | parseldif + fi + else + # LDAP + if [ "$openldap" = "yes" ]; then + ldapsearch -x -LLL -h $host -p $port -D "$BINDDN" -w "$BINDPW" -b "$ldbmdn" '(|(cn=config)(cn=database)(cn=monitor))' \ + | parseldif + else + ldapsearch -h $host -p $port -D "$BINDDN" -w "$BINDPW" -b "$ldbmdn" '(|(cn=config)(cn=database)(cn=monitor))' \ + | parseldif + fi + fi echo "" sleep $INCR done diff --git a/man/man8/dbmon.sh.8 b/man/man8/dbmon.sh.8 index 49e61d0..ad318a1 100644 --- a/man/man8/dbmon.sh.8 +++ b/man/man8/dbmon.sh.8 @@ -2,7 +2,7 @@ ." First parameter, NAME, should be all caps ." Second parameter, SECTION, should be 1-8, maybe w/ subsection ." other parameters are allowed: see man(7), man(1) -.TH DBMON.SH 8 "Jul 25, 2014" +.TH DBMON.SH 8 "Mar 20, 2017" ." Please adjust this date whenever revising the manpage. ." ." Some roff macros, for reference: @@ -18,7 +18,7 @@ .SH NAME dbmon.sh - Directory Server script for monitoring database and entry cache usage .SH SYNOPSIS -[INCR=num] [HOST=hostname] [PORT=num] [BINDDN=binddn] [BINDPW=password] [DBLIST=databases] [INDEXLIST=indexes] [VERBOSE=num] dbmon.sh +[INCR=num] [SERVID=server_id][BINDDN=binddn] [BINDPW=password] [DBLIST=databases] [INDEXLIST=indexes] [VERBOSE=num] dbmon.sh .SH DESCRIPTION dbmon.sh is a tool used to monitor database and entry cache usage. It is especially useful for database cache and entry/dn cache tuning - how much space is left, is the cache full, how much space on average do I need per entry/dn. .SH OPTIONS @@ -31,9 +31,7 @@ All arguments are optional, but you will most likely have to provide BINDPW .TP .B \fBINCR\fR - show results every INCR seconds - default is 1 second .TP -.B \fBHOST\fR - name of host or IP address - default is "localhost" -.TP -.B \fBPORT\fR - port number (LDAP not LDAPS) - default is 389 +.B \fBSERVID\fR - Name of the server instance .TP .B \fBBINDDN\fR - DN to use to bind - must have permission to read everything under cn=config - default is cn=Directory Manager .TP @@ -46,11 +44,11 @@ All arguments are optional, but you will most likely have to provide BINDPW .B \fBVERBOSE\fR - output level - 0 == suitable for parsing by a script - 1 == has column headings - 2 == provides detailed descriptions of the data - default is 0

.SH EXAMPLE -INCR=1 HOST=ldap.example.com BINDDN="cn=directory manager" BINDPW="secret" VERBOSE=2 dbmon.sh +INCR=1 SERVID=slapd-localhost BINDDN="cn=directory manager" BINDPW="secret" VERBOSE=2 dbmon.sh

.SH AUTHOR dbmon.sh was written by the 389 Project. .SH "REPORTING BUGS" -Report bugs to https://fedorahosted.org/389/newticket. +Report bugs to https://pagure.io/389-ds-base/new_issue .SH COPYRIGHT -Copyright (co 2014 Red Hat, Inc. +Copyright (co 2017 Red Hat, Inc.