From edf3d210e9ba9006f87e0597b052fa925c68ddc2 Mon Sep 17 00:00:00 2001

From: Mark Reynolds <mreynolds@redhat.com>

Date: Mon, 20 Mar 2017 17:35:10 -0400

Subject: [PATCH] Issue 49065 - dbmon.sh fails if you have

 nsslapd-require-secure-binds enabled

Description:  Add the ability to detect if security is enabled, if so connect using

              start TLS.  Added a new param SERVID for specifying which instance

              you want to look at.

https://pagure.io/389-ds-base/issue/49065

Reviewed by: firstyear(Thanks!)

---

 Makefile.am                                      |  2 +-

 ldap/admin/src/scripts/{dbmon.sh => dbmon.sh.in} | 62 ++++++++++++++++++++++--

 man/man8/dbmon.sh.8                              | 14 +++---

 3 files changed, 65 insertions(+), 13 deletions(-)

 rename ldap/admin/src/scripts/{dbmon.sh => dbmon.sh.in} (81%)

 mode change 100755 => 100644

diff --git a/Makefile.am b/Makefile.am

index 9aebb6b..4a4b2d3 100644

--- a/Makefile.am

+++ b/Makefile.am

@@ -235,7 +235,7 @@ CLEANFILES =  dberrstrs.h ns-slapd.properties \

 	ldap/admin/src/scripts/usn-tombstone-cleanup.pl ldap/admin/src/scripts/verify-db.pl \

 	ldap/admin/src/scripts/ds_selinux_port_query ldap/admin/src/scripts/ds_selinux_enabled \

 	ldap/admin/src/scripts/dbverify ldap/admin/src/scripts/readnsstate \

-	doxyfile.stamp \

+	doxyfile.stamp ldap/admin/src/scripts/dbmon.sh \

 	$(NULL)

 clean-local:

diff --git a/ldap/admin/src/scripts/dbmon.sh b/ldap/admin/src/scripts/dbmon.sh.in

old mode 100755

new mode 100644

similarity index 81%

rename from ldap/admin/src/scripts/dbmon.sh

rename to ldap/admin/src/scripts/dbmon.sh.in

index 3b8b4d1..4ee6adc

--- a/ldap/admin/src/scripts/dbmon.sh

+++ b/ldap/admin/src/scripts/dbmon.sh.in

@@ -8,10 +8,11 @@

 # END COPYRIGHT BLOCK

 #

+. @datadir@/@package_name@/data/DSSharedLib

+

 DURATION=${DURATION:-0}

 INCR=${INCR:-1}

-HOST=${HOST:-localhost}

-PORT=${PORT:-389}

+SERVID=${SERVID}

 BINDDN=${BINDDN:-"cn=directory manager"}

 BINDPW=${BINDPW:-"secret"}

 DBLIST=${DBLIST:-all}

@@ -180,10 +181,63 @@ parseldif() {

 }

 dodbmon() {

+    initfile=$(get_init_file "@initconfigdir@" $SERVID)

+    if [ $? -eq 1 ]

+    then

+        echo "You must supply a valid server instance identifier (via SERVID)."

+        echo "Available instances: $initfile"

+        exit 1

+    fi

+

+    . $initfile

+

+    process_dse $CONFIG_DIR $$

+    file="/tmp/DSSharedLib.$$"

+    port=$(grep -i 'nsslapd-port' $file | awk '{print $2}' )

+    host=$(grep -i 'nsslapd-localhost' $file | awk '{print $2}' )

+    security=$(grep -i 'nsslapd-security' $file | awk '{print $2}' )

+    certdir=$(grep -i 'nsslapd-certdir' $file | awk '{print $2}' )

+    rm $file

+

+    if [ -n "$ldapiURL" ]

+    then

+        ldapiURL=`echo "$ldapiURL" | sed -e 's/\//%2f/g'`

+        ldapiURL="ldapi://"$ldapiURL

+    fi

+

+    client_type=`ldapsearch -V 2>&1;;

+    echo "$client_type" | grep -q "OpenLDAP"

+    if  [ $? -eq 0 ]

+    then

+        openldap="yes"

+        export LDAPTLS_CACERTDIR=$certdir

+    fi

+

+    if [ -z $security ]; then

+        security="off"

+    fi

+

     while [ 1 ] ; do

         date

-        ldapsearch -xLLL -h $HOST -p $PORT -D "$BINDDN" -w "$BINDPW" -b "$ldbmdn" '(|(cn=config)(cn=database)(cn=monitor))' \

-        | parseldif

+        if [ "$security" = "on" ]; then

+            # STARTTLS

+	    if [ "$openldap" = "yes" ]; then

+	        ldapsearch -x -LLL -ZZ -h $host -p $port -D "$BINDDN" -w "$BINDPW" -b "$ldbmdn" '(|(cn=config)(cn=database)(cn=monitor))' \

+                | parseldif

+	    else

+	        ldapsearch -ZZZ -P $certdir  -h $host -p $port -D "$BINDDN" -w "$BINDPW" -b "$ldbmdn" '(|(cn=config)(cn=database)(cn=monitor))' \

+                | parseldif

+	    fi

+        else

+            # LDAP

+            if [ "$openldap" = "yes" ]; then

+	        ldapsearch -x -LLL -h $host -p $port -D "$BINDDN" -w "$BINDPW" -b "$ldbmdn" '(|(cn=config)(cn=database)(cn=monitor))' \

+                | parseldif

+            else

+	        ldapsearch -h $host -p $port -D "$BINDDN" -w "$BINDPW" -b "$ldbmdn" '(|(cn=config)(cn=database)(cn=monitor))' \

+                | parseldif

+            fi

+        fi

         echo ""

         sleep $INCR

     done

diff --git a/man/man8/dbmon.sh.8 b/man/man8/dbmon.sh.8

index 49e61d0..ad318a1 100644

--- a/man/man8/dbmon.sh.8

+++ b/man/man8/dbmon.sh.8

@@ -2,7 +2,7 @@

 .\" First parameter, NAME, should be all caps

 .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection

 .\" other parameters are allowed: see man(7), man(1)

-.TH DBMON.SH 8 "Jul 25, 2014"

+.TH DBMON.SH 8 "Mar 20, 2017"

 .\" Please adjust this date whenever revising the manpage.

 .\"

 .\" Some roff macros, for reference:

@@ -18,7 +18,7 @@

 .SH NAME 

 dbmon.sh - Directory Server script for monitoring database and entry cache usage

 .SH SYNOPSIS

-[INCR=num] [HOST=hostname] [PORT=num] [BINDDN=binddn] [BINDPW=password] [DBLIST=databases] [INDEXLIST=indexes] [VERBOSE=num] dbmon.sh

+[INCR=num] [SERVID=server_id][BINDDN=binddn] [BINDPW=password] [DBLIST=databases] [INDEXLIST=indexes] [VERBOSE=num] dbmon.sh

 .SH DESCRIPTION

 dbmon.sh is a tool used to monitor database and entry cache usage. It is especially useful for database cache and entry/dn cache tuning - how much space is left, is the cache full, how much space on average do I need per entry/dn.

 .SH OPTIONS

@@ -31,9 +31,7 @@ All arguments are optional, but you will most likely have to provide BINDPW

 .TP

 .B \fBINCR\fR - show results every INCR seconds - default is 1 second

 .TP

-.B \fBHOST\fR - name of host or IP address - default is "localhost"

-.TP

-.B \fBPORT\fR - port number (LDAP not LDAPS) - default is 389

+.B \fBSERVID\fR - Name of the server instance

 .TP

 .B \fBBINDDN\fR - DN to use to bind - must have permission to read everything under cn=config - default is cn=Directory Manager

 .TP

@@ -46,11 +44,11 @@ All arguments are optional, but you will most likely have to provide BINDPW

 .B \fBVERBOSE\fR - output level - 0 == suitable for parsing by a script - 1 == has column headings - 2 == provides detailed descriptions of the data - default is 0

 .SH EXAMPLE

-INCR=1 HOST=ldap.example.com BINDDN="cn=directory manager" BINDPW="secret" VERBOSE=2 dbmon.sh

+INCR=1 SERVID=slapd-localhost BINDDN="cn=directory manager" BINDPW="secret" VERBOSE=2 dbmon.sh

 .SH AUTHOR

 dbmon.sh was written by the 389 Project.

 .SH "REPORTING BUGS"

-Report bugs to https://fedorahosted.org/389/newticket.

+Report bugs to https://pagure.io/389-ds-base/new_issue

 .SH COPYRIGHT

-Copyright \(co 2014 Red Hat, Inc.

+Copyright \(co 2017 Red Hat, Inc.

-- 

2.9.3