eDirectory Partitions/Replicas Viewer


Sometimes it may be nice to have a reliable way to get a quick summary of partitions and replicas from an eDirectory tree. This may be for troubleshooting, or as a record of the current status on a day-to-day basis. As a consultant a common request to a client is, "What partitions do you have defined, and with which replicas on which servers?" For somebody new to eDirectory, getting that answer quickly can be daunting, but it is all there for the taking. As a result of one such request I created this tool which, when running, looks a bit like the following:

ab@mylaptop:~/Desktop> ./replica-view.sh
Enter the LDAP server address (e.g. a2btech.com
Enter the LDAP TLS/SSL server port (636):
Enter the LDAP bind DN (e.g. cn=admin,o=novell):
Enter an optional base DN from which to search for partitions (LDAP format, e.g. dc=sa,dc=system):

Partition: dc=cat,dc=com
  cn=abbox0,dc=abbox0a,dc=server,dc=system - Master
  cn=abbox0b,dc=abbox0b,dc=server,dc=system - Subordinate Reference

Partition: dc=group,o=novell,dc=org
  cn=abbox0,dc=abbox0a,dc=server,dc=system - Master
  cn=abbox0b,dc=abbox0b,dc=server,dc=system - Subordinate Reference

  cn=abbox0,dc=abbox0a,dc=server,dc=system - Master
  cn=abbox0b,dc=abbox0b,dc=server,dc=system - Read/Write

Partition: o=suse,dc=org
  cn=abbox0,dc=abbox0a,dc=server,dc=system - Subordinate Reference
  cn=abbox0b,dc=abbox0b,dc=server,dc=system - Master

You can enter credentials, or a base DN as well, but a default tree will not require those. Disabling of anonymous binds is more common these days, so do not rule it out.

As a disclaimer: when run with credentials those credentials are visible to things like 'ps' on the box where executed. Also, while I'm using LDAPS explicitly, I am also explicitly trusting whatever certificate the server presents. That could all be improved for security, though if you have a man-in-the-middle situation where you run this, probably on a server itself, you likely have bigger problems than fixing this would help.

I have only coded this for what I believe are valid replica types 0, 1, 2, and 3; this means filtered replicas are not included, though they are rarely used. I also do not have a read-only replica for testing, so I assume that 2 means read-only.

I am also assuming various common utilities are present on the box, but I should probably check for those and prompt to add them on enterprise distributions of Linux; some of those tools include /usr/bin/ldapsearch, hexdump, head, grep, sed, awk, base64, dd, and bash (the shell).

Is this a useful tool to have on hand? Does it work properly, or are there any cases where it is not behaving as expected? Send feedback in the comments section and I"ll implement fixes.

Happy computing!


How To-Best Practice
Comment List