No nothing much in the error log.
Let me wait for the next occurrence and get gdb.
On 3 September 2015 at 22:11, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
On 09/03/2015 09:02 AM, Prashant Bapat wrote:
Rich,
Version is 389-ds-base-1.3.3.8-1.fc21.x86_64
Below is the "ldapsearch" command that works on the LDAP server.
ldapsearch -x -b "uid=testuser,cn=users,cn=accounts,dc=example,dc=com"
In python this would be
ldap.initialize("ldap://localhost") [1]
conn.simple_bind_s() [2]response = conn.search_s("uid=testuser,cn=users,cn=accounts,dc=example,dc=com",ldap.SCOPE_BASE) [3][1] is different than "ipa.example.com" - so one possibility is that DNS is not working correctly due to DS - but it depends on where the script is hung
[2] is the same - anonymous bind
[3] assuming uid is "testuser", then the base is the same in your python script - however, in your python script, you are asking for a specific attribute list ["ipaSshPubKey", "ipaSshSigTimestamp", "loginshell"] - not sure why that would make a difference
So, inconclusive. Will need to see the stacktrace from gdb when the server is hung.
Also, do you have any errors in the errors log?
Below is an excerpt of the python script.
#!/usr/bin/env pythonimport sysimport ldapfrom ldap import LDAPError
SUFFIX = "dc=example,dc=com"LDAPSERVER = "ipa.example.com"
if not len(sys.argv) == 2:raise sys.exit("Wrong arguments. Only argument should be the username")
uid = sys.argv[1]search = "uid=%s,cn=users,cn=accounts,%s" % (uid, SUFFIX)
try:conn = ldap.initialize("ldap://%s" % (LDAPSERVER))conn.simple_bind_s()response = conn.search_s(search ,ldap.SCOPE_BASE, "(objectClass=*)", ["ipaSshPubKey", "ipaSshSigTimestamp", "loginshell"])except LDAPError, e:print eprint "Error getting info from LDAP. Either wrong username or issues with LDAP server "raise sys.exit(-1)
On 3 September 2015 at 19:17, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
On 09/02/2015 09:45 PM, Prashant Bapat wrote:
Hi,
We have been using 389-ds as part of FreeIPA. In one of our environments, we have 2 389-ds installations with replication.
What version? rpm -q 389-ds-base
Randomly, the 389-ds on either of them completely freezes and there are high number of CLOSE_WAITs on tcp/389 port.
http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-hangs
Only way to recover from this situation is to either reboot or "kill -9" the ns-slapd process. Graceful restarts get stuck indefinitely.
One curious thing when this happens, a search using "ldapsearch" command seems to work but a search using a python-ldap client does not. FreeIPA does not work either.
Can you be more specific? What is the exact ldapsearch command line, and can you post/pastebin an excerpt of your python-ldap script?
Any pointers on troubleshooting this would be appreciated.
Thanks.--Prashant
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users