Hi, There close to a dozen 389-DS as part of our FreeIPA infra. On one of these servers, I'm encountering a strange problem.
We monitor the state of replication among the 389 servers using a python-ldap based script. This works on all servers except 1. What I'm doing is fairly basic. Something along lines of ; ldapsearch -x -b cn=config '(objectclass=nsds5replicationagreement)' nsds5replicaLastUpdateStatus -LLL -o ldif-wrap=no Corresponding python code is below; conn.search_s("cn=config" ,ldap.SCOPE_SUBTREE, '(objectclass=nsds5replicationagreement)', ["nsDS5ReplicaHost", "nsds5replicaLastUpdateStatus", "nsds5replicaLastUpdateStart", "nsds5replicaLastUpdateEnd"]) Now for the strange issue. The above commands return the status of replication on all servers except 1 which returns an empty response. This happens only for the python and the example perl script here <http://directory.fedoraproject.org/docs/389ds/howto/howto-replicationmonitoring.html>. The ldapsearch command works fine!!! Below is the log from a server where this runs fine. [18/Jan/2016:07:09:19 +0000] conn=420951 fd=564 slot=564 connection from ::1 to ::1 [18/Jan/2016:07:09:19 +0000] conn=420951 op=0 BIND dn="" method=128 version=3 [18/Jan/2016:07:09:19 +0000] conn=420951 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="" [18/Jan/2016:07:09:19 +0000] conn=420951 op=1 SRCH base="cn=config" scope=2 filter="(objectClass=nsds5replicationagreement)" attrs="nsDS5ReplicaHost nsds5replicaLastUpdateStatus nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd" [18/Jan/2016:07:09:19 +0000] conn=420951 op=1 RESULT err=0 tag=101 nentries=3 etime=0 [18/Jan/2016:07:09:19 +0000] conn=420951 op=2 UNBIND [18/Jan/2016:07:09:19 +0000] conn=420951 op=2 fd=564 closed - U1 Below is the log from the 1 server where this fails. [18/Jan/2016:07:05:20 +0000] conn=226 fd=80 slot=80 connection from ::1 to ::1 [18/Jan/2016:07:05:20 +0000] conn=226 op=0 BIND dn="" method=128 version=3 [18/Jan/2016:07:05:20 +0000] conn=226 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="" [18/Jan/2016:07:05:20 +0000] conn=226 op=1 SRCH base="cn=config" scope=2 filter="(objectClass=nsds5replicationagreement)" attrs="nsDS5ReplicaHost nsds5replicaLastUpdateStatus nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd" [18/Jan/2016:07:05:20 +0000] conn=226 op=1 RESULT err=0 tag=101 nentries=0 etime=0 [18/Jan/2016:07:05:20 +0000] conn=226 op=2 UNBIND [18/Jan/2016:07:05:20 +0000] conn=226 op=2 fd=80 closed - U1 I have an ACI which allows anonymous access to the replication info. Version is : 389-ds-base-1.3.3.13-1.fc21.x86_64 Any help would be appreciated. Thanks. --Prashant
-- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org