From 21ed5224d63e3118a39ddd5ea438367532541a8f Mon Sep 17 00:00:00 2001

From: Matus Honek <mhonek@redhat.com>

Date: Mon, 2 Dec 2019 14:53:31 +0100

Subject: [PATCH 11/12] Issue 50746 - Add option to healthcheck to list all the

 lint reports

Bug Description:

Healthcheck lacks a way to find out what checks are available.

Fix Description:

Add dsctl healthcheck options to list available checks, known error

codes, and ability to run cehcks selectively. The checks are rather

hierarchically structured and in some cases matchable by patterns (by

use of asterisk).

Fixes https://pagure.io/389-ds-base/issue/50746

Author: Matus Honek <mhonek@redhat.com>

Review by: Mark, William, Simon (thanks for the patience!)

(cherry picked from commit 4a55322c7bdb0b9ff57428ad0dc2e4d943572a69)

---

 src/lib389/cli/dsctl                          |   1 +

 src/lib389/lib389/_mapped_object.py           |  34 +---

 src/lib389/lib389/_mapped_object_lint.py      | 157 ++++++++++++++++++

 src/lib389/lib389/backend.py                  |  13 +-

 src/lib389/lib389/cli_ctl/health.py           | 116 +++++++++----

 src/lib389/lib389/config.py                   |  13 +-

 src/lib389/lib389/dseldif.py                  |  29 +---

 src/lib389/lib389/encrypted_attributes.py     |   1 -

 src/lib389/lib389/index.py                    |   3 -

 src/lib389/lib389/lint.py                     | 125 ++++++++------

 src/lib389/lib389/monitor.py                  |   5 +-

 src/lib389/lib389/nss_ssl.py                  |  23 ++-

 src/lib389/lib389/plugins.py                  |   5 +-

 src/lib389/lib389/replica.py                  |  10 +-

 .../lib389/tests/mapped_object_lint_test.py   |  78 +++++++++

 15 files changed, 448 insertions(+), 165 deletions(-)

 create mode 100644 src/lib389/lib389/_mapped_object_lint.py

 create mode 100644 src/lib389/lib389/tests/mapped_object_lint_test.py

diff --git a/src/lib389/cli/dsctl b/src/lib389/cli/dsctl

index fd9bd87c1..9deda7039 100755

--- a/src/lib389/cli/dsctl

+++ b/src/lib389/cli/dsctl

@@ -64,6 +64,7 @@ cli_dbgen.create_parser(subparsers)

 argcomplete.autocomplete(parser)

+

 # handle a control-c gracefully

 def signal_handler(signal, frame):

     print('\n\nExiting...')

diff --git a/src/lib389/lib389/_mapped_object.py b/src/lib389/lib389/_mapped_object.py

index ce0ebfeb8..c60837601 100644

--- a/src/lib389/lib389/_mapped_object.py

+++ b/src/lib389/lib389/_mapped_object.py

@@ -15,6 +15,7 @@ import json

 from functools import partial

 from lib389._entry import Entry

 from lib389._constants import DIRSRV_STATE_ONLINE

+from lib389._mapped_object_lint import DSLint, DSLints

 from lib389.utils import (

         ensure_bytes, ensure_str, ensure_int, ensure_list_bytes, ensure_list_str,

         ensure_list_int, display_log_value, display_log_data

@@ -82,7 +83,7 @@ class DSLogging(object):

             self._log.setLevel(logging.INFO)

-class DSLdapObject(DSLogging):

+class DSLdapObject(DSLogging, DSLint):

     """A single instance of DSLdapObjects

     :param instance: An instance

@@ -107,7 +108,6 @@ class DSLdapObject(DSLogging):

         self._must_attributes = None

         # attributes, we don't want to compare

         self._compare_exclude = ['entryid', 'modifytimestamp', 'nsuniqueid']

-        self._lint_functions = None

         self._server_controls = None

         self._client_controls = None

         self._object_filter = '(objectClass=*)'

@@ -985,38 +985,10 @@ class DSLdapObject(DSLogging):

         """

         return self._create(rdn, properties, basedn, ensure=True)

-    def lint(self):

-        """Override this to create a linter for a type. This means that we can detect

-        and report common administrative errors in the server from our cli and

-        rest tools.

-

-        The structure of a result is::

-

-          {

-            dsle: '<identifier>'. dsle == ds lint error. Will be a code unique to

-                                this module for the error, IE DSBLE0001.

-            severity: '[HIGH:MEDIUM:LOW]'. severity of the error.

-            items: '(dn,dn,dn)'. List of affected DNs or names.

-            detail: 'msg ...'. An explination of the error.

-            fix: 'msg ...'. Steps to resolve the error.

-          }

-

-        :returns: An array of these dicts, on None if there are no errors.

-        """

-

-        if not self._lint_functions:

-            return None

-        results = []

-        for fn in self._lint_functions:

-            for result in fn():

-                if result is not None:

-                    results.append(result)

-        return results

-

 # A challenge of this, is how do we manage indexes? They have two naming attributes....

-class DSLdapObjects(DSLogging):

+class DSLdapObjects(DSLogging, DSLints):

     """The object represents the next idea: "Everything is an instance of something

     that exists in this way", i.e. we unite LDAP entries by some

     set of parameters with the object.

diff --git a/src/lib389/lib389/_mapped_object_lint.py b/src/lib389/lib389/_mapped_object_lint.py

new file mode 100644

index 000000000..2d03de98f

--- /dev/null

+++ b/src/lib389/lib389/_mapped_object_lint.py

@@ -0,0 +1,157 @@

+from abc import ABC, abstractmethod

+from functools import partial

+from inspect import signature

+from typing import (

+    Callable,

+    List,

+    Optional,

+    Tuple,

+    Union,

+    Type,

+    Generator,

+    Any

+)

+

+

+DSLintSpec = Tuple[str, Callable]

+DSLintParsedSpec = Tuple[Optional[str], Optional[str]]

+DSLintClassSpec = Generator[DSLintSpec, None, None]

+DSLintMethodSpec = Union[str, None, Type[List]]

+DSLintResults = Generator[Any, None, None]

+

+

+class DSLint():

+    """In a super-class, create a method with name beginning with `_lint_`

+    which would yield results (as described below). Such a method will

+    then be available to the `lint()` method of the class.

+

+    `lint_list`: takes a spec and yields available lints, recursively

+    `lint`:      takes a spac and runs lints according to it, yielding results if any

+

+    `spec`: is a colon-separated string, with prefix matching a method name and suffix

+            being passed down to the method.

+

+    A class inheriting from hereby class shall implement a method named `lint_uid()` which

+    returns a pretty name of the object. This is to be used by a higher level code.

+

+    Each lint method has to have a name prefix with _lint_. It may accept an optional

+    parameter `spec` in which case:

+    - it has to accept typing.List class as a parameter, in which case it shall yield

+      all possible lint specs for that method

+    - it receives the suffix provided to the `spec` of hereby `lint` method (as mentioned above)

+

+    This means that we can detect and report common administrative errors

+    in the server from our cli and rest tools.

+

+    The structure of a result shall be:

+

+        {

+        dsle: '<identifier>'. dsle == ds lint error. Will be a code unique to

+                            this module for the error, IE DSBLE0001.

+        severity: '[HIGH:MEDIUM:LOW]'. severity of the error.

+        items: '(dn,dn,dn)'. List of affected DNs or names.

+        detail: 'msg ...'. An explination of the error.

+        fix: 'msg ...'. Steps to resolve the error.

+        }

+    """

+

+    @classmethod

+    def _dslint_fname(cls, method: Callable) -> Optional[str]:

+        """Return a pretty name for a method."""

+        if callable(method) and method.__name__.startswith('_lint_'):

+            return method.__name__[len('_lint_'):]

+        else:

+            return None

+

+    @staticmethod

+    def _dslint_parse_spec(spec: Optional[str]) -> DSLintParsedSpec:

+        """Split `spec` to prefix and suffix."""

+        wanted, *rest = spec.split(':', 1) if spec else (None, None)

+        return (wanted if wanted not in [None, '*'] else None,

+                rest[0] if rest else None)

+

+    @classmethod

+    def _dslint_make_spec(cls, method: Callable, spec: Optional[str] = None) -> str:

+        """Build a new spec from prefix (`method` name) and suffix (`spec`)."""

+        fname = cls._dslint_fname(method)

+        return f'{fname}:{spec}' if spec else fname

+

+    def lint_list(self, spec: Optional[str] = None) -> DSLintClassSpec:

+        """Yield specs the object provides.

+

+        This yields from each lint method yielding all specs it can provide.

+        """

+

+        assert hasattr(self, 'lint_uid')

+

+        # Find _lint_ methods

+        # NOTE: There is a caveat: don't you dare try to getattr on a @property, or

+        #       you get it executed. That's why the following line's complexity.

+        fs = [getattr(self, f) for f in dir(self)

+              if f.startswith('_lint_') and self._dslint_fname(getattr(self, f))]

+

+        # Filter acording to the `spec`

+        wanted, rest = self._dslint_parse_spec(spec)

+        if wanted:

+            try:

+                fs = [next(filter(lambda f: self._dslint_fname(f) == wanted, fs))]

+            except StopIteration:

+                raise ValueError('there is no such lint function')

+

+        # Yield known specs

+        for f in fs:

+            fspec_t = signature(f).parameters.get('spec', None)

+            if fspec_t:

+                assert fspec_t.annotation == DSLintMethodSpec

+                for fspec in [rest] if rest else f(spec=List):

+                    yield self._dslint_make_spec(f, fspec), partial(f, spec=fspec)

+            else:

+                yield self._dslint_make_spec(f, rest), f

+

+    def lint(self, spec: DSLintMethodSpec = None) -> DSLintResults:

+        """Lint the object according to the `spec`."""

+

+        if spec == List:

+            yield from self.lint_list()

+        else:

+            for fn, f in self.lint_list(spec):

+                yield from f()

+

+

+class DSLints():

+    """This is a meta class to provide lint functionality to classes that provide

+    method `list` which returns list of objects that inherit from DSLint.

+

+    Calling `lint` or `lint_list` method yields from respective object's methods.

+

+    The `spec` is a colon-separated string. Its prefix matches the respective object's

+    `lint_uid` (or all when asterisk); the suffix is passed down to the respective

+    object's method.

+    """

+

+    def lint_list(self, spec: Optional[str] = None) -> DSLintClassSpec:

+        """Yield specs the objects returned by `list` method provide."""

+

+        assert hasattr(self, 'list')

+

+        # Filter acording to the `spec`

+        wanted, rest_spec = DSLint._dslint_parse_spec(spec)

+        if wanted in [None, '*']:

+            clss = self.list()

+        else:

+            clss = (cls for cls in self.list() if cls.lint_uid() == wanted)

+

+        # Yield known specs

+        for cls in clss:

+            for fn, f in cls.lint_list(spec=rest_spec):

+                yield (f'{cls.lint_uid()}:{fn}',

+                       partial(f, rest_spec) if rest_spec else f)

+

+    def lint(self, spec: DSLintMethodSpec = None) -> DSLintResults:

+        """Lint the objects returned by `list` method according to the `spec`."""

+

+        if spec == List:

+            yield from self.lint_list()

+        else:

+            for obj in self.list():

+                yield from obj.lint()

diff --git a/src/lib389/lib389/backend.py b/src/lib389/lib389/backend.py

index 4f752f414..8863ad1a8 100644

--- a/src/lib389/lib389/backend.py

+++ b/src/lib389/lib389/backend.py

@@ -393,6 +393,10 @@ class BackendLegacy(object):

         replace = [(ldap.MOD_REPLACE, 'nsslapd-require-index', 'on')]

         self.modify_s(dn, replace)

+    @classmethod

+    def lint_uid(cls):

+        return 'backends'

+

 class Backend(DSLdapObject):

     """Backend DSLdapObject with:

@@ -413,10 +417,12 @@ class Backend(DSLdapObject):

         self._must_attributes = ['nsslapd-suffix', 'cn']

         self._create_objectclasses = ['top', 'extensibleObject', BACKEND_OBJECTCLASS_VALUE]

         self._protected = False

-        self._lint_functions = [self._lint_mappingtree, self._lint_search, self._lint_virt_attrs]

         # Check if a mapping tree for this suffix exists.

         self._mts = MappingTrees(self._instance)

+    def lint_uid(self):

+        return self.get_attr_val_utf8_l('cn').lower()

+

     def _lint_virt_attrs(self):

         """Check if any virtual attribute are incorrectly indexed"""

         indexes = self.get_indexes()

@@ -497,7 +503,6 @@ class Backend(DSLdapObject):

             result = DSBLE0001

             result['items'] = [bename, ]

             yield result

-        return None

     def create_sample_entries(self, version):

         """Creates sample entries under nsslapd-suffix value

@@ -848,6 +853,10 @@ class Backends(DSLdapObjects):

         self._childobject = Backend

         self._basedn = DN_LDBM

+    @classmethod

+    def lint_uid(cls):

+        return 'backends'

+

     def import_ldif(self, be_name, ldifs, chunk_size=None, encrypted=False, gen_uniq_id=None, only_core=False,

                     include_suffixes=None, exclude_suffixes=None):

         """Do an import of the suffix"""

diff --git a/src/lib389/lib389/cli_ctl/health.py b/src/lib389/lib389/cli_ctl/health.py

index 3d15ad85e..6333a753a 100644

--- a/src/lib389/lib389/cli_ctl/health.py

+++ b/src/lib389/lib389/cli_ctl/health.py

@@ -7,6 +7,9 @@

 # --- END COPYRIGHT BLOCK ---

 import json

+import re

+from lib389._mapped_object import DSLdapObjects

+from lib389._mapped_object_lint import DSLint

 from lib389.cli_base import connect_instance, disconnect_instance

 from lib389.cli_base.dsrc import dsrc_to_ldap, dsrc_arg_concat

 from lib389.backend import Backends

@@ -15,17 +18,17 @@ from lib389.monitor import MonitorDiskSpace

 from lib389.replica import Replica, Changelog5

 from lib389.nss_ssl import NssSsl

 from lib389.dseldif import FSChecks, DSEldif

+from lib389 import lint

 from lib389 import plugins

 from lib389._constants import DSRC_HOME

+from functools import partial

+from typing import Iterable

-# These get all instances, then check them all.

-CHECK_MANY_OBJECTS = [

-    Backends,

-]

 # These get single instances and check them.

 CHECK_OBJECTS = [

     Config,

+    Backends,

     Encryption,

     FSChecks,

     plugins.ReferentialIntegrityPlugin,

@@ -52,44 +55,51 @@ def _format_check_output(log, result, idx):

     log.info(result['fix'])

-def health_check_run(inst, log, args):

-    """Connect to the local server using LDAPI, and perform various health checks

-    """

+def _list_targets(inst):

+    for c in CHECK_OBJECTS:

+        o = c(inst)

+        yield o.lint_uid(), o

+

+

+def _list_errors(log):

+    for r in map(partial(getattr, lint),

+                 filter(partial(re.match, r'^DS'),

+                        dir(lint))):

+        log.info(f"{r['dsle']} :: {r['description']}")

-    # update the args for connect_instance()

-    args.basedn = None

-    args.binddn = None

-    args.bindpw = None

-    args.starttls = None

-    args.pwdfile = None

-    args.prompt = False

-    dsrc_inst = dsrc_to_ldap(DSRC_HOME, args.instance, log.getChild('dsrc'))

-    dsrc_inst = dsrc_arg_concat(args, dsrc_inst)

-    try:

-        inst = connect_instance(dsrc_inst=dsrc_inst, verbose=args.verbose, args=args)

-    except Exception as e:

-        raise ValueError('Failed to connect to Directory Server instance: ' + str(e))

+def _list_checks(inst, specs: Iterable[str]):

+    o_uids = dict(_list_targets(inst))

+    for s in specs:

+        wanted, rest = DSLint._dslint_parse_spec(s)

+        if wanted == '*':

+            raise ValueError('Unexpected spec selector asterisk')

+

+        if wanted in o_uids:

+            for l in o_uids[wanted].lint_list(rest):

+                yield o_uids[wanted], l

+        else:

+            raise ValueError('No such object specifier')

+

+

+def _print_checks(inst, specs: Iterable[str]) -> None:

+    for o, s in _list_checks(inst, specs):

+        print(f'{o.lint_uid()}:{s[0]}')

+

+

+def _run(inst, log, args, checks):

     if not args.json:

         log.info("Beginning lint report, this could take a while ...")

+

     report = []

-    for lo in CHECK_MANY_OBJECTS:

+    for o, s in checks:

         if not args.json:

-            log.info("Checking %s ..." % lo.__name__)

-        lo_inst = lo(inst)

-        for clo in lo_inst.list():

-            result = clo.lint()

-            if result is not None:

-                report += result

-    for lo in CHECK_OBJECTS:

-        if not args.json:

-            log.info("Checking %s ..." % lo.__name__)

-        lo_inst = lo(inst)

-        result = lo_inst.lint()

-        if result is not None:

-            report += result

+            log.info(f"Checking {o.lint_uid()}:{s[0]} ...")

+        report += o.lint(s[0]) or []

+

     if not args.json:

         log.info("Healthcheck complete.")

+

     count = len(report)

     if count == 0:

         if not args.json:

@@ -110,6 +120,37 @@ def health_check_run(inst, log, args):

         else:

             log.info(json.dumps(report, indent=4))

+

+def health_check_run(inst, log, args):

+    """Connect to the local server using LDAPI, and perform various health checks

+    """

+

+    if args.list_errors:

+        _list_errors(log)

+        return

+

+    # update the args for connect_instance()

+    args.basedn = None

+    args.binddn = None

+    args.bindpw = None

+    args.starttls = None

+    args.pwdfile = None

+    args.prompt = False

+    dsrc_inst = dsrc_to_ldap(DSRC_HOME, args.instance, log.getChild('dsrc'))

+    dsrc_inst = dsrc_arg_concat(args, dsrc_inst)

+    try:

+        inst = connect_instance(dsrc_inst=dsrc_inst, verbose=args.verbose, args=args)

+    except Exception as e:

+        raise ValueError('Failed to connect to Directory Server instance: ' + str(e))

+

+    checks = args.check or dict(_list_targets(inst)).keys()

+

+    if args.list_checks or args.dry_run:

+        _print_checks(inst, checks)

+        return

+

+    _run(inst, log, args, _list_checks(inst, checks))

+

     disconnect_instance(inst)

@@ -120,4 +161,9 @@ def create_parser(subparsers):

         "remote Directory Server as this tool needs access to local resources, "

         "otherwise the report may be inaccurate.")

     run_healthcheck_parser.set_defaults(func=health_check_run)

-

+    run_healthcheck_parser.add_argument('--list-checks', action='store_true', help='List of known checks')

+    run_healthcheck_parser.add_argument('--list-errors', action='store_true', help='List of known error codes')

+    run_healthcheck_parser.add_argument('--dry-run', action='store_true', help='Do not execute the actual check, only list what would be done')

+    run_healthcheck_parser.add_argument('--check', nargs='+', default=None,

+                                        help='Areas to check. These can be obtained by --list-checks. Every element on the left of the colon (:)'

+                                             ' may be replaced by an asterisk if multiple options on the right are available.')

diff --git a/src/lib389/lib389/config.py b/src/lib389/lib389/config.py

index a29d0244c..aa4c92beb 100644

--- a/src/lib389/lib389/config.py

+++ b/src/lib389/lib389/config.py

@@ -54,7 +54,6 @@ class Config(DSLdapObject):

         ]

         self._compare_exclude  = self._compare_exclude + config_compare_exclude

         self._rdn_attribute = 'cn'

-        self._lint_functions = [self._lint_hr_timestamp, self._lint_passwordscheme]

     @property

     def dn(self):

@@ -197,6 +196,10 @@ class Config(DSLdapObject):

         fields = 'nsslapd-security nsslapd-ssl-check-hostname'.split()

         return self._instance.getEntry(DN_CONFIG, attrlist=fields)

+    @classmethod

+    def lint_uid(cls):

+        return 'config'

+

     def _lint_hr_timestamp(self):

         hr_timestamp = self.get_attr_val('nsslapd-logging-hr-timestamps-enabled')

         if ensure_bytes('on') != hr_timestamp:

@@ -242,20 +245,22 @@ class Encryption(DSLdapObject):

         self._rdn_attribute = 'cn'

         self._must_attributes = ['cn']

         self._protected = True

-        self._lint_functions = [self._lint_check_tls_version]

     def create(self, rdn=None, properties={'cn': 'encryption', 'nsSSLClientAuth': 'allowed'}):

         if rdn is not None:

             self._log.debug("dn on cn=encryption is not None. This is a mistake.")

         super(Encryption, self).create(properties=properties)

+    @classmethod

+    def lint_uid(cls):

+        return 'encryption'

+

     def _lint_check_tls_version(self):

         tls_min = self.get_attr_val('sslVersionMin')

         if tls_min is not None and tls_min < ensure_bytes('TLS1.1'):

             report = copy.deepcopy(DSELE0001)

             report['fix'] = report['fix'].replace('YOUR_INSTANCE', self._instance.serverid)

             yield report

-        yield None

     @property

     def ciphers(self):

@@ -487,7 +492,6 @@ class LDBMConfig(DSLdapObject):

         self._dn = DN_CONFIG_LDBM

         # config_compare_exclude = []

         self._rdn_attribute = 'cn'

-        self._lint_functions = []

         self._protected = True

@@ -506,5 +510,4 @@ class BDB_LDBMConfig(DSLdapObject):

         self._dn = DN_CONFIG_LDBM_BDB

         self._config_compare_exclude = []

         self._rdn_attribute = 'cn'

-        self._lint_functions = []

         self._protected = True

diff --git a/src/lib389/lib389/dseldif.py b/src/lib389/lib389/dseldif.py

index 5378e6ee9..96c9af9d1 100644

--- a/src/lib389/lib389/dseldif.py

+++ b/src/lib389/lib389/dseldif.py

@@ -16,6 +16,7 @@ from datetime import timedelta

 from stat import ST_MODE

 # from lib389.utils import print_nice_time

 from lib389.paths import Paths

+from lib389._mapped_object_lint import DSLint

 from lib389.lint import (

     DSPERMLE0001,

     DSPERMLE0002,

@@ -25,7 +26,7 @@ from lib389.lint import (

 )

-class DSEldif(object):

+class DSEldif(DSLint):

     """A class for working with dse.ldif file

     :param instance: An instance

@@ -58,15 +59,10 @@ class DSEldif(object):

                         processed_line = line

                 else:

                     processed_line = processed_line[:-1] + line[1:]

-        self._lint_functions = [self._lint_nsstate]

-    def lint(self):

-        results = []

-        for fn in self._lint_functions:

-            for result in fn():

-                if result is not None:

-                    results.append(result)

-        return results

+    @classmethod

+    def lint_uid(cls):

+        return 'dseldif'

     def _lint_nsstate(self):

         suffixes = self.readNsState()

@@ -320,7 +316,7 @@ class DSEldif(object):

         return states

-class FSChecks(object):

+class FSChecks(DSLint):

     """This is for the healthcheck feature, check commonly used system config files the

     server uses.  This is here for lack of a better place to add this class.

     """

@@ -344,17 +340,10 @@ class FSChecks(object):

                 'report': DSPERMLE0002

             },

         ]

-        self._lint_functions = [self._lint_file_perms]

-    def lint(self):

-        """Run a lint/healthcheck for this class

-        """

-        results = []

-        for fn in self._lint_functions:

-            for result in fn():

-                if result is not None:

-                    results.append(result)

-        return results

+    @classmethod

+    def lint_uid(cls):

+        return 'fschecks'

     def _lint_file_perms(self):

         """Test file permissions are safe

diff --git a/src/lib389/lib389/encrypted_attributes.py b/src/lib389/lib389/encrypted_attributes.py

index 9afd2e66b..2fa26cef9 100644

--- a/src/lib389/lib389/encrypted_attributes.py

+++ b/src/lib389/lib389/encrypted_attributes.py

@@ -27,7 +27,6 @@ class EncryptedAttr(DSLdapObject):

         self._must_attributes = ['cn', 'nsEncryptionAlgorithm']

         self._create_objectclasses = ['top', 'nsAttributeEncryption']

         self._protected = False

-        self._lint_functions = []

 class EncryptedAttrs(DSLdapObjects):

diff --git a/src/lib389/lib389/index.py b/src/lib389/lib389/index.py

index 6932883b7..a3d019d27 100644

--- a/src/lib389/lib389/index.py

+++ b/src/lib389/lib389/index.py

@@ -41,7 +41,6 @@ class Index(DSLdapObject):

         self._must_attributes = ['cn', 'nsSystemIndex', 'nsIndexType']

         self._create_objectclasses = ['top', 'nsIndex']

         self._protected = False

-        self._lint_functions = []

 class Indexes(DSLdapObjects):

@@ -77,7 +76,6 @@ class VLVSearch(DSLdapObject):

         self._must_attributes = ['cn', 'vlvbase', 'vlvscope', 'vlvfilter']

         self._create_objectclasses = ['top', 'vlvSearch']

         self._protected = False

-        self._lint_functions = []

         self._be_name = None

     def get_sorts(self):

@@ -163,7 +161,6 @@ class VLVIndex(DSLdapObject):

         self._must_attributes = ['cn', 'vlvsort']

         self._create_objectclasses = ['top', 'vlvIndex']

         self._protected = False

-        self._lint_functions = []

 class VLVIndexes(DSLdapObjects):

diff --git a/src/lib389/lib389/lint.py b/src/lib389/lib389/lint.py

index b5a305bc3..a103feec7 100644

--- a/src/lib389/lib389/lint.py

+++ b/src/lib389/lib389/lint.py

@@ -14,8 +14,9 @@

 DSBLE0001 = {

     'dsle': 'DSBLE0001',

     'severity': 'MEDIUM',

-    'items' : [],

-    'detail' : """This backend may be missing the correct mapping tree references. Mapping Trees allow

+    'description': 'Possibly incorrect mapping tree.',

+    'items': [],

+    'detail': """This backend may be missing the correct mapping tree references. Mapping Trees allow

 the directory server to determine which backend an operation is routed to in the

 abscence of other information. This is extremely important for correct functioning

 of LDAP ADD for example.

@@ -32,7 +33,7 @@ objectClass: extensibleObject

 objectClass: nsMappingTree

 """,

-    'fix' : """Either you need to create the mapping tree, or you need to repair the related

+    'fix': """Either you need to create the mapping tree, or you need to repair the related

 mapping tree. You will need to do this by hand by editing cn=config, or stopping

 the instance and editing dse.ldif.

 """

@@ -41,25 +42,28 @@ the instance and editing dse.ldif.

 DSBLE0002 = {

     'dsle': 'DSBLE0002',

     'severity': 'HIGH',

-    'items' : [],

-    'detail' : """Unable to query the backend.  LDAP error (ERROR)""",

-    'fix' : """Check the server's error and access logs for more information."""

+    'description': 'Unable to query backend.',

+    'items': [],

+    'detail': """Unable to query the backend.  LDAP error (ERROR)""",

+    'fix': """Check the server's error and access logs for more information."""

 }

 DSBLE0003 = {

     'dsle': 'DSBLE0003',

     'severity': 'LOW',

-    'items' : [],

-    'detail' : """The backend database has not been initialized yet""",

-    'fix' : """You need to import an LDIF file, or create the suffix entry, in order to initialize the database."""

+    'description': 'Uninitialized backend database.',

+    'items': [],