andykimpe / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 months ago
Clone

Blame SOURCES/0007-Issue-49065-dbmon.sh-fails-if-you-have-nsslapd-requi.patch

b69e47
From edf3d210e9ba9006f87e0597b052fa925c68ddc2 Mon Sep 17 00:00:00 2001
b69e47
From: Mark Reynolds <mreynolds@redhat.com>
b69e47
Date: Mon, 20 Mar 2017 17:35:10 -0400
b69e47
Subject: [PATCH] Issue 49065 - dbmon.sh fails if you have
b69e47
 nsslapd-require-secure-binds enabled
b69e47
b69e47
Description:  Add the ability to detect if security is enabled, if so connect using
b69e47
              start TLS.  Added a new param SERVID for specifying which instance
b69e47
              you want to look at.
b69e47
b69e47
https://pagure.io/389-ds-base/issue/49065
b69e47
b69e47
Reviewed by: firstyear(Thanks!)
b69e47
---
b69e47
 Makefile.am                                      |  2 +-
b69e47
 ldap/admin/src/scripts/{dbmon.sh => dbmon.sh.in} | 62 ++++++++++++++++++++++--
b69e47
 man/man8/dbmon.sh.8                              | 14 +++---
b69e47
 3 files changed, 65 insertions(+), 13 deletions(-)
b69e47
 rename ldap/admin/src/scripts/{dbmon.sh => dbmon.sh.in} (81%)
b69e47
 mode change 100755 => 100644
b69e47
b69e47
diff --git a/Makefile.am b/Makefile.am
b69e47
index 9aebb6b..4a4b2d3 100644
b69e47
--- a/Makefile.am
b69e47
+++ b/Makefile.am
b69e47
@@ -235,7 +235,7 @@ CLEANFILES =  dberrstrs.h ns-slapd.properties \
b69e47
 	ldap/admin/src/scripts/usn-tombstone-cleanup.pl ldap/admin/src/scripts/verify-db.pl \
b69e47
 	ldap/admin/src/scripts/ds_selinux_port_query ldap/admin/src/scripts/ds_selinux_enabled \
b69e47
 	ldap/admin/src/scripts/dbverify ldap/admin/src/scripts/readnsstate \
b69e47
-	doxyfile.stamp \
b69e47
+	doxyfile.stamp ldap/admin/src/scripts/dbmon.sh \
b69e47
 	$(NULL)
b69e47
 
b69e47
 clean-local:
b69e47
diff --git a/ldap/admin/src/scripts/dbmon.sh b/ldap/admin/src/scripts/dbmon.sh.in
b69e47
old mode 100755
b69e47
new mode 100644
b69e47
similarity index 81%
b69e47
rename from ldap/admin/src/scripts/dbmon.sh
b69e47
rename to ldap/admin/src/scripts/dbmon.sh.in
b69e47
index 3b8b4d1..4ee6adc
b69e47
--- a/ldap/admin/src/scripts/dbmon.sh
b69e47
+++ b/ldap/admin/src/scripts/dbmon.sh.in
b69e47
@@ -8,10 +8,11 @@
b69e47
 # END COPYRIGHT BLOCK
b69e47
 #
b69e47
 
b69e47
+. @datadir@/@package_name@/data/DSSharedLib
b69e47
+
b69e47
 DURATION=${DURATION:-0}
b69e47
 INCR=${INCR:-1}
b69e47
-HOST=${HOST:-localhost}
b69e47
-PORT=${PORT:-389}
b69e47
+SERVID=${SERVID}
b69e47
 BINDDN=${BINDDN:-"cn=directory manager"}
b69e47
 BINDPW=${BINDPW:-"secret"}
b69e47
 DBLIST=${DBLIST:-all}
b69e47
@@ -180,10 +181,63 @@ parseldif() {
b69e47
 }
b69e47
 
b69e47
 dodbmon() {
b69e47
+    initfile=$(get_init_file "@initconfigdir@" $SERVID)
b69e47
+    if [ $? -eq 1 ]
b69e47
+    then
b69e47
+        echo "You must supply a valid server instance identifier (via SERVID)."
b69e47
+        echo "Available instances: $initfile"
b69e47
+        exit 1
b69e47
+    fi
b69e47
+
b69e47
+    . $initfile
b69e47
+
b69e47
+    process_dse $CONFIG_DIR $$
b69e47
+    file="/tmp/DSSharedLib.$$"
b69e47
+    port=$(grep -i 'nsslapd-port' $file | awk '{print $2}' )
b69e47
+    host=$(grep -i 'nsslapd-localhost' $file | awk '{print $2}' )
b69e47
+    security=$(grep -i 'nsslapd-security' $file | awk '{print $2}' )
b69e47
+    certdir=$(grep -i 'nsslapd-certdir' $file | awk '{print $2}' )
b69e47
+    rm $file
b69e47
+
b69e47
+    if [ -n "$ldapiURL" ]
b69e47
+    then
b69e47
+        ldapiURL=`echo "$ldapiURL" | sed -e 's/\//%2f/g'`
b69e47
+        ldapiURL="ldapi://"$ldapiURL
b69e47
+    fi
b69e47
+
b69e47
+    client_type=`ldapsearch -V 2>&1;;
b69e47
+    echo "$client_type" | grep -q "OpenLDAP"
b69e47
+    if  [ $? -eq 0 ]
b69e47
+    then
b69e47
+        openldap="yes"
b69e47
+        export LDAPTLS_CACERTDIR=$certdir
b69e47
+    fi
b69e47
+
b69e47
+    if [ -z $security ]; then
b69e47
+        security="off"
b69e47
+    fi
b69e47
+
b69e47
     while [ 1 ] ; do
b69e47
         date
b69e47
-        ldapsearch -xLLL -h $HOST -p $PORT -D "$BINDDN" -w "$BINDPW" -b "$ldbmdn" '(|(cn=config)(cn=database)(cn=monitor))' \
b69e47
-        | parseldif
b69e47
+        if [ "$security" = "on" ]; then
b69e47
+            # STARTTLS
b69e47
+	    if [ "$openldap" = "yes" ]; then
b69e47
+	        ldapsearch -x -LLL -ZZ -h $host -p $port -D "$BINDDN" -w "$BINDPW" -b "$ldbmdn" '(|(cn=config)(cn=database)(cn=monitor))' \
b69e47
+                | parseldif
b69e47
+	    else
b69e47
+	        ldapsearch -ZZZ -P $certdir  -h $host -p $port -D "$BINDDN" -w "$BINDPW" -b "$ldbmdn" '(|(cn=config)(cn=database)(cn=monitor))' \
b69e47
+                | parseldif
b69e47
+	    fi
b69e47
+        else
b69e47
+            # LDAP
b69e47
+            if [ "$openldap" = "yes" ]; then
b69e47
+	        ldapsearch -x -LLL -h $host -p $port -D "$BINDDN" -w "$BINDPW" -b "$ldbmdn" '(|(cn=config)(cn=database)(cn=monitor))' \
b69e47
+                | parseldif
b69e47
+            else
b69e47
+	        ldapsearch -h $host -p $port -D "$BINDDN" -w "$BINDPW" -b "$ldbmdn" '(|(cn=config)(cn=database)(cn=monitor))' \
b69e47
+                | parseldif
b69e47
+            fi
b69e47
+        fi
b69e47
         echo ""
b69e47
         sleep $INCR
b69e47
     done
b69e47
diff --git a/man/man8/dbmon.sh.8 b/man/man8/dbmon.sh.8
b69e47
index 49e61d0..ad318a1 100644
b69e47
--- a/man/man8/dbmon.sh.8
b69e47
+++ b/man/man8/dbmon.sh.8
b69e47
@@ -2,7 +2,7 @@
b69e47
 .\" First parameter, NAME, should be all caps
b69e47
 .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
b69e47
 .\" other parameters are allowed: see man(7), man(1)
b69e47
-.TH DBMON.SH 8 "Jul 25, 2014"
b69e47
+.TH DBMON.SH 8 "Mar 20, 2017"
b69e47
 .\" Please adjust this date whenever revising the manpage.
b69e47
 .\"
b69e47
 .\" Some roff macros, for reference:
b69e47
@@ -18,7 +18,7 @@
b69e47
 .SH NAME 
b69e47
 dbmon.sh - Directory Server script for monitoring database and entry cache usage
b69e47
 .SH SYNOPSIS
b69e47
-[INCR=num] [HOST=hostname] [PORT=num] [BINDDN=binddn] [BINDPW=password] [DBLIST=databases] [INDEXLIST=indexes] [VERBOSE=num] dbmon.sh
b69e47
+[INCR=num] [SERVID=server_id][BINDDN=binddn] [BINDPW=password] [DBLIST=databases] [INDEXLIST=indexes] [VERBOSE=num] dbmon.sh
b69e47
 .SH DESCRIPTION
b69e47
 dbmon.sh is a tool used to monitor database and entry cache usage. It is especially useful for database cache and entry/dn cache tuning - how much space is left, is the cache full, how much space on average do I need per entry/dn.
b69e47
 .SH OPTIONS
b69e47
@@ -31,9 +31,7 @@ All arguments are optional, but you will most likely have to provide BINDPW
b69e47
 .TP
b69e47
 .B \fBINCR\fR - show results every INCR seconds - default is 1 second
b69e47
 .TP
b69e47
-.B \fBHOST\fR - name of host or IP address - default is "localhost"
b69e47
-.TP
b69e47
-.B \fBPORT\fR - port number (LDAP not LDAPS) - default is 389
b69e47
+.B \fBSERVID\fR - Name of the server instance
b69e47
 .TP
b69e47
 .B \fBBINDDN\fR - DN to use to bind - must have permission to read everything under cn=config - default is cn=Directory Manager
b69e47
 .TP
b69e47
@@ -46,11 +44,11 @@ All arguments are optional, but you will most likely have to provide BINDPW
b69e47
 .B \fBVERBOSE\fR - output level - 0 == suitable for parsing by a script - 1 == has column headings - 2 == provides detailed descriptions of the data - default is 0
b69e47
 
b69e47
 .SH EXAMPLE
b69e47
-INCR=1 HOST=ldap.example.com BINDDN="cn=directory manager" BINDPW="secret" VERBOSE=2 dbmon.sh
b69e47
+INCR=1 SERVID=slapd-localhost BINDDN="cn=directory manager" BINDPW="secret" VERBOSE=2 dbmon.sh
b69e47
 
b69e47
 .SH AUTHOR
b69e47
 dbmon.sh was written by the 389 Project.
b69e47
 .SH "REPORTING BUGS"
b69e47
-Report bugs to https://fedorahosted.org/389/newticket.
b69e47
+Report bugs to https://pagure.io/389-ds-base/new_issue
b69e47
 .SH COPYRIGHT
b69e47
-Copyright \(co 2014 Red Hat, Inc.
b69e47
+Copyright \(co 2017 Red Hat, Inc.
b69e47
-- 
b69e47
2.9.3
b69e47