From 2a2773d4bf8553ba64b396d567fe05506b22c94c Mon Sep 17 00:00:00 2001

From: progier389 <72748589+progier389@users.noreply.github.com>

Date: Tue, 24 Nov 2020 19:22:49 +0100

Subject: [PATCH] Issue 4449 - dsconf replication monitor fails to retrieve

 database RUV - consumer (Unavailable) (#4451)

Bug Description:

"dsconf replication monitor" fails to retrieve database RUV entry from consumer and this

appears into the Cockpit web UI too.

The problem is that the bind credentials are not rightly propagated when trying to get

the consumers agreement status.  Then supplier credntials are used instead  and RUV

is searched anonymously because there is no bind dn in ldapi case.

Fix Description:

- Propagates the bind credentials when computing agreement status

- Add a credential cache because now a replica password could get asked several times:

    when discovering the topology and

    when getting the agreement maxcsn

- No testcase in 1.4.3 branch as the file modfied in master does not exists

- Add a comment about nonlocal keyword

Relates: #4449

Reviewers:

  firstyear

  droideck

  mreynolds

Issue 4449: Add a comment about nonlocal keyword

(cherry picked from commit 73ee04fa12cd1de3a5e47c109e79e31c1aaaa2ab)

---

 src/lib389/lib389/cli_conf/replication.py | 13 +++++++++++--

 src/lib389/lib389/replica.py              | 16 ++++++++++++----

 2 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/src/lib389/lib389/cli_conf/replication.py b/src/lib389/lib389/cli_conf/replication.py

index 9dbaa320a..248972cba 100644

--- a/src/lib389/lib389/cli_conf/replication.py

+++ b/src/lib389/lib389/cli_conf/replication.py

@@ -369,9 +369,16 @@ def set_repl_config(inst, basedn, log, args):

 def get_repl_monitor_info(inst, basedn, log, args):

     connection_data = dsrc_to_repl_monitor(DSRC_HOME, log)

+    credentials_cache = {}

     # Additional details for the connections to the topology

     def get_credentials(host, port):

+        # credentials_cache is nonlocal to refer to the instance

+        # from enclosing function (get_repl_monitor_info)`

+        nonlocal credentials_cache

+        key = f'{host}:{port}'

+        if key in credentials_cache:

+            return credentials_cache[key]

         found = False

         if args.connections:

             connections = args.connections

@@ -406,8 +413,10 @@ def get_repl_monitor_info(inst, basedn, log, args):

             binddn = input(f'\nEnter a bind DN for {host}:{port}: ').rstrip()

             bindpw = getpass(f"Enter a password for {binddn} on {host}:{port}: ").rstrip()

-        return {"binddn": binddn,

-                "bindpw": bindpw}

+        credentials = {"binddn": binddn,

+                       "bindpw": bindpw}

+        credentials_cache[key] = credentials

+        return credentials

     repl_monitor = ReplicationMonitor(inst)

     report_dict = repl_monitor.generate_report(get_credentials, args.json)

diff --git a/src/lib389/lib389/replica.py b/src/lib389/lib389/replica.py

index c2ad2104d..3d89e61fb 100644

--- a/src/lib389/lib389/replica.py

+++ b/src/lib389/lib389/replica.py

@@ -2487,9 +2487,10 @@ class ReplicationMonitor(object):

         else:

             self._log = logging.getLogger(__name__)

-    def _get_replica_status(self, instance, report_data, use_json):

+    def _get_replica_status(self, instance, report_data, use_json, get_credentials=None):

         """Load all of the status data to report

         and add new hostname:port pairs for future processing

+        :type get_credentials: function

         """

         replicas_status = []

@@ -2503,6 +2504,13 @@ class ReplicationMonitor(object):

             for agmt in agmts.list():

                 host = agmt.get_attr_val_utf8_l("nsds5replicahost")

                 port = agmt.get_attr_val_utf8_l("nsds5replicaport")

+                if get_credentials is not None:

+                    credentials = get_credentials(host, port)

+                    binddn = credentials["binddn"]

+                    bindpw = credentials["bindpw"]

+                else:

+                    binddn = instance.binddn

+                    bindpw = instance.bindpw

                 protocol = agmt.get_attr_val_utf8_l('nsds5replicatransportinfo')

                 # Supply protocol here because we need it only for connection

                 # and agreement status is already preformatted for the user output

@@ -2510,9 +2518,9 @@ class ReplicationMonitor(object):

                 if consumer not in report_data:

                     report_data[f"{consumer}:{protocol}"] = None

                 if use_json:

-                    agmts_status.append(json.loads(agmt.status(use_json=True)))

+                    agmts_status.append(json.loads(agmt.status(use_json=True, binddn=binddn, bindpw=bindpw)))

                 else:

-                    agmts_status.append(agmt.status())

+                    agmts_status.append(agmt.status(binddn=binddn, bindpw=bindpw))

             replicas_status.append({"replica_id": replica_id,

                                     "replica_root": replica_root,

                                     "replica_status": "Available",

@@ -2535,7 +2543,7 @@ class ReplicationMonitor(object):

         initial_inst_key = f"{self._instance.config.get_attr_val_utf8_l('nsslapd-localhost')}:{self._instance.config.get_attr_val_utf8_l('nsslapd-port')}"

         # Do this on an initial instance to get the agreements to other instances

         try:

-            report_data[initial_inst_key] = self._get_replica_status(self._instance, report_data, use_json)

+            report_data[initial_inst_key] = self._get_replica_status(self._instance, report_data, use_json, get_credentials)

         except ldap.LDAPError as e:

             self._log.debug(f"Connection to consumer ({supplier_hostname}:{supplier_port}) failed, error: {e}")

             report_data[initial_inst_key] = [{"replica_status": f"Unavailable - {e.args[0]['desc']}"}]

-- 

2.26.2