No nothing much in the error log.
Let me wait for the next occurrence and get gdb.
On 3 September 2015 at 22:11, Rich Megginson <rmegg...@redhat.com> wrote:
> On 09/03/2015 09:02 AM, Prashant Bapat wrote:
>
> Rich,
>
> Version is 389-ds-base-1.3.3.8-1.fc21.x86_64
>
> Below is the "ldapsearch" command that works on the LDAP server.
>
> ldapsearch -x -b "uid=testuser,cn=users,cn=accounts,dc=example,dc=com"
>
>
> In python this would be
>
> ldap.initialize("ldap://localhost";) [1]
> conn.simple_bind_s() [2]
> response = conn.search_s(
> "uid=testuser,cn=users,cn=accounts,dc=example,dc=com",ldap.SCOPE_BASE) [3]
>
> [1] is different than "ipa.example.com" - so one possibility is that DNS
> is not working correctly due to DS - but it depends on where the script is
> hung
> [2] is the same - anonymous bind
> [3] assuming uid is "testuser", then the base is the same in your python
> script - however, in your python script, you are asking for a specific
> attribute list ["ipaSshPubKey", "ipaSshSigTimestamp", "loginshell"] - not
> sure why that would make a difference
>
> So, inconclusive. Will need to see the stacktrace from gdb when the
> server is hung.
>
> Also, do you have any errors in the errors log?
>
>
> Below is an excerpt of the python script.
>
> #!/usr/bin/env python
> import sys
> import ldap
> from ldap import LDAPError
>
> SUFFIX = "dc=example,dc=com"
> LDAPSERVER = "ipa.example.com"
>
> if not len(sys.argv) == 2:
> raise sys.exit("Wrong arguments. Only argument should be the username")
>
> uid = sys.argv[1]
> search = "uid=%s,cn=users,cn=accounts,%s" % (uid, SUFFIX)
>
> try:
> conn = ldap.initialize("ldap://%s"; % (LDAPSERVER))
> conn.simple_bind_s()
> response = conn.search_s(search ,ldap.SCOPE_BASE, "(objectClass=*)",
> ["ipaSshPubKey", "ipaSshSigTimestamp", "loginshell"])
> except LDAPError, e:
> print e
> print "Error getting info from LDAP. Either wrong username or issues
> with LDAP server "
> raise sys.exit(-1)
>
>
>
>
> On 3 September 2015 at 19:17, Rich Megginson <rmegg...@redhat.com> wrote:
>
>> On 09/02/2015 09:45 PM, Prashant Bapat wrote:
>>
>> Hi,
>>
>> We have been using 389-ds as part of FreeIPA. In one of our environments,
>> we have 2 389-ds installations with replication.
>>
>>
>> What version? rpm -q 389-ds-base
>>
>>
>> Randomly, the 389-ds on either of them completely freezes and there are
>> high number of CLOSE_WAITs on tcp/389 port.
>>
>>
>> http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-hangs
>>
>>
>> Only way to recover from this situation is to either reboot or "kill -9"
>> the ns-slapd process. Graceful restarts get stuck indefinitely.
>>
>> One curious thing when this happens, a search using "ldapsearch" command
>> seems to work but a search using a python-ldap client does not. FreeIPA
>> does not work either.
>>
>>
>> Can you be more specific? What is the exact ldapsearch command line, and
>> can you post/pastebin an excerpt of your python-ldap script?
>>
>>
>> Any pointers on troubleshooting this would be appreciated.
>>
>> Thanks.
>> --Prashant
>>
>>
>> --
>> 389 users mailing
>> list389-users@lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>
>>
>> --
>> 389 users mailing list
>> 389-users@lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>
>
>
> --
> 389 users mailing
> list389-users@lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
