https://fedorahosted.org/freeipa/ticket/5637
>From 8da23a1249fe53c4c430869c2bd4646970680672 Mon Sep 17 00:00:00 2001 From: Thierry Bordaz <[email protected]> Date: Thu, 17 Mar 2016 12:09:42 +0100 Subject: [PATCH] DS deadlock when memberof scopes topology plugin updates Topology plugin may merge (aka DEL) segments that would trigger internal search for groups owning that segment. The problem is that it is searching those groups into the full suffix and so need the schema compat map lock. If any other operation holding schema compat map lock need to access the page involved in the DEL, there is a deadlock. This fix is to prevent useless group searching if the target entry is a segment or is in compat tree. https://fedorahosted.org/freeipa/ticket/5637 --- install/updates/20-syncrepl.update | 2 ++ 1 file changed, 2 insertions(+) diff --git a/install/updates/20-syncrepl.update b/install/updates/20-syncrepl.update index 8b02133f5a755d599915d76682cf9fe6e3565768..faa13f645f492ea35824fe57632b56d52afa8a6e 100644 --- a/install/updates/20-syncrepl.update +++ b/install/updates/20-syncrepl.update @@ -11,7 +11,9 @@ add:nsslapd-exclude-suffix: o=ipaca # indices for cn=changelog. dn: cn=MemberOf Plugin,cn=plugins,cn=config add:memberofentryscope: $SUFFIX +add:memberofentryscopeexcludesubtree: cn=compat,$SUFFIX add:memberofentryscopeexcludesubtree: cn=provisioning,$SUFFIX +add:memberofentryscopeexcludesubtree: cn=topology,cn=ipa,cn=etc,$SUFFIX dn: cn=referential integrity postoperation,cn=plugins,cn=config add:nsslapd-plugincontainerscope: $SUFFIX -- 2.5.0
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
