On Tue, Nov 03, 2015 at 01:09:53PM +0100, Troels Hansen wrote:
> Hi again, so I finally got time to look further into this.
> 
> This task works:
> 
> dn: cn=$TIME-$FQDN-$LIBARCH,cn=ipa-sidgen-task,cn=tasks,cn=config
> add:objectclass:top,extensibleObject
> add:cn:$TIME-$FQDN-$LIBARCH
> add:nsslapd-basedn:"$SUFFIX"
> add:delay:0
> add:ttl:3600
> 
> However, the task gets generated, but no output can be pulled from the task:
> 
> ldapsearch -D "cn=Directory Manager" -W -b 
> 'cn=1446551851-kenai.casalogic.lan-64,cn=ipa-sidgen-task,cn=tasks,cn=config'
> Enter LDAP Password: 
> # extended LDIF
> #
> # LDAPv3
> # base 
> <cn=1446551851-kenai.casalogic.lan-64,cn=ipa-sidgen-task,cn=tasks,cn=config> 
> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
> 
> # 1446551851-kenai.casalogic.lan-64, ipa-sidgen-task, tasks, config
> dn: cn=1446551851-kenai.casalogic.lan-64,cn=ipa-sidgen-task,cn=tasks,cn=config
> objectClass: top
> objectClass: extensibleObject
> nsslapd-basedn: dc=casalogic,dc=lan
> delay: 0
> cn: 1446551851-kenai.casalogic.lan-64
> ttl: 3600
> nstaskcurrentitem: 1
> nstasktotalitems: 1
> nstaskexitcode: 32
> 
> # search result
> search: 2
> result: 0 Success
> 
> # numResponses: 2
> # numEntries: 
> 
> Only a exitcode 32
> The nstaskcurrentitem and nstasktotalitems remains the same till the task 
> disappeares.
> Any way do debug these taske further to find out which user it stops at, as 
> it looks like it detects an error at one user and stops the task?

You can activate 'Plug-in debugging' by setting the
nsslapd-errorlog-level attribute of cn=config to 65536, see
http://www.port389.org/docs/389ds/FAQ/faq.html#troubleshooting for
details. Make sure to switch it back to 0 after running the sidgen task
because the logging is quite expensive.

HTH

bye,
Sumit

> 
> ----- On Oct 30, 2015, at 3:19 PM, Alexander Bokovoy aboko...@redhat.com 
> wrote:
> 
> > On Fri, 30 Oct 2015, Troels Hansen wrote:
> >>
> >>
> >>
> >>> I think it should be
> >>> add:nsslapd-basedn: cn=accounts,$SUFFIX
> >>> not
> >>> add:basedn:"cn=accounts,$SUFFIX"
> >>>
> >>> this is what sidgen task expects and it returns constraint violation
> >>> error if parameters are wrong:
> >>>
> >>>    str = fetch_attr(e, "nsslapd-basedn", NULL);
> >>>    if (str == NULL) {
> >>>        LOG_FATAL("Missing nsslapd-basedn!\n");
> >>>        *returncode = LDAP_CONSTRAINT_VIOLATION;
> >>>        ret = SLAPI_DSE_CALLBACK_ERROR;
> >>>        goto done;
> >>>    }
> >>>
> >>
> >>I think you are right.
> >>Don't know what I have tested, but it brings me a different error, that I 
> >>didn't
> >>see before:
> >>
> >>ipa.ipapython.ipaldap.IPAdmin: DEBUG: Unhandled LDAPError: OPERATIONS_ERROR:
> >>{'desc': 'Operations error'}
> >>ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR: Add failure Operations
> >>error:
> >>ipa.ipaserver.install.ipa_ldap_updater.LDAPUpdater_NonUpgrade: INFO: The
> >>ipa-ldap-updater command was successful
> >>
> >>Where did you find the source for the sidgen task? I could try  looking at 
> >>at it
> >>myself, but can't find it.
> > You can check it here:
> > https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/ipa-sidgen/ipa_sidgen_task.c#n221
> > 
> > --
> > / Alexander Bokovoy
> 
> -- 
> Med venlig hilsen 
> 
> Troels Hansen 
> 
> Systemkonsulent 
> 
> Casalogic A/S 
> 
> 
> T (+45) 70 20 10 63 
> 
> M (+45) 22 43 71 57 
> 
> Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og 
> meget mere.
> 
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to