On Tue, Nov 03, 2015 at 01:09:53PM +0100, Troels Hansen wrote: > Hi again, so I finally got time to look further into this. > > This task works: > > dn: cn=$TIME-$FQDN-$LIBARCH,cn=ipa-sidgen-task,cn=tasks,cn=config > add:objectclass:top,extensibleObject > add:cn:$TIME-$FQDN-$LIBARCH > add:nsslapd-basedn:"$SUFFIX" > add:delay:0 > add:ttl:3600 > > However, the task gets generated, but no output can be pulled from the task: > > ldapsearch -D "cn=Directory Manager" -W -b > 'cn=1446551851-kenai.casalogic.lan-64,cn=ipa-sidgen-task,cn=tasks,cn=config' > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base > <cn=1446551851-kenai.casalogic.lan-64,cn=ipa-sidgen-task,cn=tasks,cn=config> > with scope subtree > # filter: (objectclass=*) > # requesting: ALL > # > > # 1446551851-kenai.casalogic.lan-64, ipa-sidgen-task, tasks, config > dn: cn=1446551851-kenai.casalogic.lan-64,cn=ipa-sidgen-task,cn=tasks,cn=config > objectClass: top > objectClass: extensibleObject > nsslapd-basedn: dc=casalogic,dc=lan > delay: 0 > cn: 1446551851-kenai.casalogic.lan-64 > ttl: 3600 > nstaskcurrentitem: 1 > nstasktotalitems: 1 > nstaskexitcode: 32 > > # search result > search: 2 > result: 0 Success > > # numResponses: 2 > # numEntries: > > Only a exitcode 32 > The nstaskcurrentitem and nstasktotalitems remains the same till the task > disappeares. > Any way do debug these taske further to find out which user it stops at, as > it looks like it detects an error at one user and stops the task?
You can activate 'Plug-in debugging' by setting the nsslapd-errorlog-level attribute of cn=config to 65536, see http://www.port389.org/docs/389ds/FAQ/faq.html#troubleshooting for details. Make sure to switch it back to 0 after running the sidgen task because the logging is quite expensive. HTH bye, Sumit > > ----- On Oct 30, 2015, at 3:19 PM, Alexander Bokovoy [email protected] > wrote: > > > On Fri, 30 Oct 2015, Troels Hansen wrote: > >> > >> > >> > >>> I think it should be > >>> add:nsslapd-basedn: cn=accounts,$SUFFIX > >>> not > >>> add:basedn:"cn=accounts,$SUFFIX" > >>> > >>> this is what sidgen task expects and it returns constraint violation > >>> error if parameters are wrong: > >>> > >>> str = fetch_attr(e, "nsslapd-basedn", NULL); > >>> if (str == NULL) { > >>> LOG_FATAL("Missing nsslapd-basedn!\n"); > >>> *returncode = LDAP_CONSTRAINT_VIOLATION; > >>> ret = SLAPI_DSE_CALLBACK_ERROR; > >>> goto done; > >>> } > >>> > >> > >>I think you are right. > >>Don't know what I have tested, but it brings me a different error, that I > >>didn't > >>see before: > >> > >>ipa.ipapython.ipaldap.IPAdmin: DEBUG: Unhandled LDAPError: OPERATIONS_ERROR: > >>{'desc': 'Operations error'} > >>ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR: Add failure Operations > >>error: > >>ipa.ipaserver.install.ipa_ldap_updater.LDAPUpdater_NonUpgrade: INFO: The > >>ipa-ldap-updater command was successful > >> > >>Where did you find the source for the sidgen task? I could try looking at > >>at it > >>myself, but can't find it. > > You can check it here: > > https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/ipa-sidgen/ipa_sidgen_task.c#n221 > > > > -- > > / Alexander Bokovoy > > -- > Med venlig hilsen > > Troels Hansen > > Systemkonsulent > > Casalogic A/S > > > T (+45) 70 20 10 63 > > M (+45) 22 43 71 57 > > Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og > meget mere. > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
