Bug 1795921

Summary: Depending on the DS setup, dsctl healthcheck may be broken
Product: Red Hat Enterprise Linux 8 Reporter: sgouvern
Component: 389-ds-baseAssignee: mreynolds
Status: CLOSED NEXTRELEASE QA Contact: RHDS QE <ds-qe-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.2CC: bsmejkal, lkrispen, pasik, spichugi, tbordaz, vashirov
Target Milestone: rc   
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 389-ds-base-1.4.2.4-8.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-03-25 14:28:18 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Comment 1 sgouvern 2020-01-29 13:13:49 UTC 
The problem seems to be linked to the anonymous bind :
[28/Jan/2020:05:30:09.894876347 -0500] conn=5 op=0 BIND dn="" method=128 version=3

which makes that the "nsslapd-logging-hr-timestamps-enabled" value is not returned by the search op :
28/Jan/2020:05:30:09.909387819 -0500] conn=5 op=3 SRCH base="cn=config" scope=0 filter="(objectClass=*)" attrs="nsslapd-logging-hr-timestamps-enabled"
[28/Jan/2020:05:30:09.909545538 -0500] conn=5 op=3 RESULT err=0 tag=101 nentries=0 etime=0.000316947

the dsctl tool does not provide the option to enter a bind dn (as -D BINDDN in dsconf), in our case no .dsrc file is present, and for some reason, 'nsslapd-ldapiautobind' attribute of cn=config is 'off' 
(when for a manually installed instance it is 'on', resulting in : AUTOBIND dn="cn=Directory Manager")
Comment 2 bsmejkal 2020-02-13 06:58:13 UTC 
The same issue is reproducible on 389-ds-base-1.4.2.4-7.module+el8.2.0+5670+0b8b1c2e.x86_64