Hi Ludwig,

Thanks for your reply. We decided earlier today to restore from backup.
That wasn't without issues, but we had to get production back up and running
ASAP. I believe I fixed all the issues post backup restore and we seem to
be in good shape now.

We're looking at migrating to Red Hat IdM in the future, as we can't afford
to face critical issues like that.

Thanks to Alexander Bokovoy on IRC as well for providing backup restore
instructions.

Regards,
Alex

On Wed, Nov 29, 2017 at 4:18 AM, Ludwig Krispenz via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:

> The crash looks very much like the one found in
> https://pagure.io/389-ds-base/issue/48894
> it is fixed and the code has also been generally improved with:
> https://pagure.io/389-ds-base/issue/49401
>
> As far as I can see these patches are not in 1.3.6.1-21, they are in
> upstream 1.3.6.10.
>
> If you cannot get a version containing these patches, you could try to
> clean up the entry state information by export/import reinitialize. It would
> mean on one server export the data to LDIF without replication metadata and
> reimport it. But this changes the data generation and other replicas have
> to be reinitialized for replication to work again.
>
> Ludwig
>
> On 11/28/2017 04:37 AM, Alexandre Pitre via FreeIPA-users wrote:
>
> I managed to remove the replication conflicts but the original issue
> persists. I found a couple of triggers that crash the directory service,
> regardless of the FreeIPA server location. Here are the triggers:
>
>    - Deleting a host that exists in FreeIPA but no longer exists in our
>    infrastructure
>    - Deleting the same host from a hostgroup
>    - Rebuilding the auto membership of the hosts
>
> What worries me the most is that I can't even delete the "dead hosts" from
> the LDAP backend cn=computers OU... it crashes the directory service as well.
>
> Attached you'll find the stack trace generated from a core dump.
>
> Please help.
>
> Thanks
>
>
>
>
> On Sun, Nov 26, 2017 at 11:06 PM, Alexandre Pitre <
> alexandre.pi...@gmail.com> wrote:
>
>> I believe I found the root cause. There are replication conflicts.
>>
>> ldapsearch -x -D "cn=directory manager" -w password -b
>> "dc=ipa,dc=domain,dc=com" "nsds5ReplConflict=*" \* nsds5ReplConflict
>>
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <dc=ipa,dc=domain,dc=com> with scope subtree
>> # filter: nsds5ReplConflict=*
>> # requesting: * nsds5ReplConflict
>> #
>>
>> # oldipaserver + b4066f9e-cf0b11e7-9ad4d14c-07041c4f, ipa.domain.com.,
>> dns, t
>>  enant.domain.com
>> dn: idnsName=oldipaserver+nsuniqueid=b4066f9e-cf0b11e7-9ad4d14c-
>> 07041c4f,id
>>  nsname=ipa.domain.com.,cn=dns,dc=ipa,dc=domain,dc=com
>> idnsName: oldipaserver
>> objectClass: idnsRecord
>> objectClass: top
>> aRecord: 10.28.247.230
>> sSHFPRecord: 1 1 D179038D4D2918411C32C2E6052CBB561050EA48
>> sSHFPRecord: 1 2 78E7197543306DDA840AFF07296F66CBDA5BCC35A06E7A2E5229FC43
>> F28A
>>  E7EF
>> sSHFPRecord: 3 1 8C9BF123F46F8F65507059F1CE670589B8A7B84A
>> sSHFPRecord: 3 2 B60CE25FE4DB91975EB9055CADE6FF203F1154C6406B5DA6177659DF
>> B88F
>>  0E46
>> sSHFPRecord: 4 1 2FF7427DE66D360644E2901930F9CA105D47C33F
>> sSHFPRecord: 4 2 98C424319EFF9D8EC8DFD12BB13286FC99F6006873D86739E2AA4A55
>> 4C46
>>  0E04
>> dNSTTL: 1200
>> nsds5ReplConflict: namingConflict idnsName=oldipaserver,idnsname
>> =ipa.domain
>>  .com.,cn=dns,dc=ipa,dc=domain,dc=com
>>
>> # HTTP/oldipaserver.ipa.domain....@ipa.domain.com +
>> aa37478f-cfb111e7-9ad4d14c
>>  -07041c4f, services, accounts, ipa.domain.com
>> dn: krbprincipalname=HTTP/oldipaserver.ipa.domain....@ipa.domain.com
>> +nsunique
>>  id=aa37478f-cfb111e7-9ad4d14c-07041c4f,cn=services,cn=
>> accounts,dc=ipa,dc=y
>>  cs,dc=com
>> ipaUniqueID: c0db959a-cfb1-11e7-8ca5-0050568cb5f0
>> krbPrincipalName: HTTP/oldipaserver.ipa.domain....@ipa.domain.com
>> managedBy: fqdn=oldipaserver.ipa.domain.com,cn=computers,cn=accounts,dc
>> =tena
>>  nt,dc=domain,dc=com
>> krbCanonicalName: HTTP/oldipaserver.ipa.domain....@ipa.domain.com
>> ipaKrbPrincipalAlias: HTTP/oldipaserver.ipa.domain....@ipa.domain.com
>> objectClass: krbprincipal
>> objectClass: krbprincipalaux
>> objectClass: krbticketpolicyaux
>> objectClass: ipaobject
>> objectClass: ipaservice
>> objectClass: pkiuser
>> objectClass: ipakrbprincipal
>> objectClass: top
>> krbPwdPolicyReference: cn=Default Service Password
>> Policy,cn=services,cn=accou
>>  nts,dc=ipa,dc=domain,dc=com
>> nsds5ReplConflict: namingConflict krbprincipalname=HTTP/oldipaserver.ipa
>>  .domain....@ipa.domain.com,cn=services,cn=accounts,dc=ipa,
>> dc=domain,dc=com
>>
>> # HTTP/ipaserver002.ipa.domain....@ipa.domain.com +
>> 691465b4-d08d11e7-9ad4d14c
>>  -07041c4f, services, accounts, ipa.domain.com
>> dn: krbprincipalname=HTTP/ipaserver002.ipa.domain....@ipa.domain.com
>> +nsunique
>>  id=691465b4-d08d11e7-9ad4d14c-07041c4f,cn=services,cn=
>> accounts,dc=ipa,dc=y
>>  cs,dc=com
>> ipaUniqueID: 8d595d9c-d08d-11e7-9954-0050568cb5f0
>> krbPrincipalName: HTTP/ipaserver002.ipa.domain....@ipa.domain.com
>> managedBy: fqdn=ipaserver002.ipa.domain.com,cn=computers,cn=accounts,dc
>> =tena
>>  nt,dc=domain,dc=com
>> krbCanonicalName: HTTP/ipaserver002.ipa.domain....@ipa.domain.com
>> ipaKrbPrincipalAlias: HTTP/ipaserver002.ipa.domain....@ipa.domain.com
>> objectClass: krbprincipal
>> objectClass: krbprincipalaux
>> objectClass: krbticketpolicyaux
>> objectClass: ipaobject
>> objectClass: ipaservice
>> objectClass: pkiuser
>> objectClass: ipakrbprincipal
>> objectClass: top
>> krbPwdPolicyReference: cn=Default Service Password
>> Policy,cn=services,cn=accou
>>  nts,dc=ipa,dc=domain,dc=com
>> nsds5ReplConflict: namingConflict krbprincipalname=HTTP/ipaserver002.ipa
>>  .domain....@ipa.domain.com,cn=services,cn=accounts,dc=ipa,
>> dc=domain,dc=com
>>
>> # HTTP/ipaserver001.ipa.domain....@ipa.domain.com +
>> f960b202-d14211e7-965fca1d
>>  -506f74cb, services, accounts, ipa.domain.com
>> dn: krbprincipalname=HTTP/ipaserver001.ipa.domain....@ipa.domain.com
>> +nsunique
>>  id=f960b202-d14211e7-965fca1d-506f74cb,cn=services,cn=
>> accounts,dc=ipa,dc=y
>>  cs,dc=com
>> ipaUniqueID: fe68c03a-d142-11e7-b3c2-0050569a7366
>> krbPrincipalName: HTTP/ipaserver001.ipa.domain....@ipa.domain.com
>> managedBy: fqdn=ipaserver001.ipa.domain.com,cn=computers,cn=accounts,dc
>> =tena
>>  nt,dc=domain,dc=com
>> krbCanonicalName: HTTP/ipaserver001.ipa.domain....@ipa.domain.com
>> ipaKrbPrincipalAlias: HTTP/ipaserver001.ipa.domain....@ipa.domain.com
>> objectClass: krbprincipal
>> objectClass: krbprincipalaux
>> objectClass: krbticketpolicyaux
>> objectClass: ipaobject
>> objectClass: ipaservice
>> objectClass: pkiuser
>> objectClass: ipakrbprincipal
>> objectClass: top
>> krbPwdPolicyReference: cn=Default Service Password
>> Policy,cn=services,cn=accou
>>  nts,dc=ipa,dc=domain,dc=com
>> nsds5ReplConflict: namingConflict krbprincipalname=http/ipaserver001.ipa
>>  .domain....@ipa.domain.com,cn=services,cn=accounts,dc=ipa,
>> dc=domain,dc=com
>>
>> # HTTP/ipaserver003.ipa.domain....@ipa.domain.com +
>> 5fffd19d-d21011e7-9ad4d14c
>>  -07041c4f, services, accounts, ipa.domain.com
>> dn: krbprincipalname=HTTP/ipaserver003.ipa.domain....@ipa.domain.com
>> +nsunique
>>  id=5fffd19d-d21011e7-9ad4d14c-07041c4f,cn=services,cn=
>> accounts,dc=ipa,dc=y
>>  cs,dc=com
>> ipaUniqueID: 78d35f24-d210-11e7-b055-0050568cb5f0
>> krbPrincipalName: HTTP/ipaserver003.ipa.domain....@ipa.domain.com
>> managedBy: fqdn=ipaserver003.ipa.domain.com,cn=computers,cn=accounts,dc
>> =tena
>>  nt,dc=domain,dc=com
>> krbCanonicalName: HTTP/ipaserver003.ipa.domain....@ipa.domain.com
>> ipaKrbPrincipalAlias: HTTP/ipaserver003.ipa.domain....@ipa.domain.com
>> objectClass: krbprincipal
>> objectClass: krbprincipalaux
>> objectClass: krbticketpolicyaux
>> objectClass: ipaobject
>> objectClass: ipaservice
>> objectClass: pkiuser
>> objectClass: ipakrbprincipal
>> objectClass: top
>> krbPwdPolicyReference: cn=Default Service Password
>> Policy,cn=services,cn=accou
>>  nts,dc=ipa,dc=domain,dc=com
>> nsds5ReplConflict: namingConflict krbprincipalname=HTTP/ipaserver003.ipa
>>  .domain....@ipa.domain.com,cn=services,cn=accounts,dc=ipa,
>> dc=domain,dc=com
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 6
>> # numEntries: 5
>>
>> I uninstalled "oldipaserver" but I still get the replication conflict.
>>
>> I tried to use ldapdelete but it keeps on complaining about the syntax.
>>
>> Any suggestions?
>>
>> Thanks,
>> Alex
>>
>>
>> On Sat, Nov 25, 2017 at 11:57 AM, Sumit Bose via FreeIPA-users <
>> freeipa-users@lists.fedorahosted.org> wrote:
>>
>>> On Fri, Nov 24, 2017 at 07:04:10PM -0500, Alexandre Pitre via
>>> FreeIPA-users wrote:
>>> > Hi,
>>> >
>>> > I had two FreeIPA replica servers up and running in our German DC for
>>> > nearly 2 months and this morning out of the blue they stopped working.
>>> >
>>> > Looking at ipactl status, both servers are reporting that their
>>> > directory service is stopped. Trying to restart ipa only works from
>>> > 2 minutes to an hour.
>>> >
>>> > Looking at the /var/log/dirsrv/slapd-DOMAIN-COM/errors there are no
>>> > errors that show up before it crashes.
>>> >
>>> > However, looking at /var/log/messages, this lovely segfault shows up:
>>> >
>>> > XXXXXX kernel: ns-slapd[17507]: segfault at 8 ip 00007fb99e56149f sp 00007fb96bee83c0 error 4 in libslapd.so.0.1.0[7fb99e483000+128000]
>>> >
>>> > Out of despair to get production back up and running quickly, I
>>> > reinstalled one replica... it worked for an hour and came back with the
>>> > same issue.
>>> >
>>> > We have 6 other FreeIPA replicas running across 3 different sites with
>>> > zero issues.
>>> >
>>> > We're running CentOS 7.4 with the latest packages, ipa-server-4.5.0-21
>>> > & 389-ds-base-1.3.6.1-21.
>>> >
>>> > Any clues why?
>>>
>>> sorry, no clue but on
>>> http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-crashes you can
>>> see how to get a core dump file. Inspecting this might help to
>>> understand what is going wrong.
>>>
>>> bye,
>>> Sumit
>>>
>>> >
>>> > Thanks
>>> >
>>> > --
>>> > Alexandre Pitre
>>> > alexandre.pi...@gmail.com
>>>
>>> > _______________________________________________
>>> > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>>> > To unsubscribe send an email to freeipa-users-le...@lists.fedo
>>> rahosted.org
>>>
>>
>>
>>
>> --
>> Alexandre Pitre
>> alexandre.pi...@gmail.com
>>
>
>
>
> --
> Alexandre Pitre
> alexandre.pi...@gmail.com
>
>
>
>
> --
> Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
> Commercial register: Amtsgericht Muenchen, HRB 153243,
> Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, 
> Eric Shander
>
>
>
>


-- 
Alexandre Pitre
alexandre.pi...@gmail.com
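
Added example (not part of the original thread, and not FreeIPA or 389-ds code): a small parser for `ldapsearch` LDIF output that unfolds continuation lines and lists the entries carrying `nsds5ReplConflict`, as in the search quoted above. The sample LDIF, its suffix, host names and nsuniqueid values are constructed.

```python
import base64
import re

# Constructed sample shaped like the ldapsearch output quoted in the thread;
# the suffix, host names and nsuniqueid values are made up.
SAMPLE_LDIF = """\
# extended LDIF
dn: idnsName=oldhost+nsuniqueid=11111111-22222222-33333333-44444444,idnsname=e
 xample.test.,cn=dns,dc=example,dc=test
idnsName: oldhost
nsds5ReplConflict: namingConflict idnsName=oldhost,idnsname=example.test.,cn=d
 ns,dc=example,dc=test

dn: fqdn=web01.example.test,cn=computers,cn=accounts,dc=example,dc=test
fqdn: web01.example.test

dn: krbprincipalname=HTTP/web01.example.test@EXAMPLE.TEST+nsuniqueid=aaaaaaaa-
 bbbbbbbb-cccccccc-dddddddd,cn=services,cn=accounts,dc=example,dc=test
nsds5ReplConflict: namingConflict krbprincipalname=http/web01.example.test@exa
 mple.test,cn=services,cn=accounts,dc=example,dc=test

# search result
search: 2
result: 0 Success
"""

NSUNIQUEID = re.compile(r"\+nsuniqueid=([0-9a-f-]+)", re.IGNORECASE)

def unfold(text):
    """Join LDIF continuation lines (one leading space) onto the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_entries(text):
    """Return one dict per blank-line-separated record: {attr_lower: [values]}."""
    entries, current = [], {}
    for line in unfold(text) + [""]:
        if line.startswith("#"):
            continue
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        current.setdefault(name.lower(), []).append(value.strip())
    return entries

def find_conflicts(text):
    """List conflict entries with their full DN, conflict type and original DN."""
    report = []
    for entry in parse_entries(text):
        if "dn" not in entry or "nsds5replconflict" not in entry:
            continue
        kind, _, original_dn = entry["nsds5replconflict"][0].partition(" ")
        match = NSUNIQUEID.search(entry["dn"][0])
        report.append({"conflict_dn": entry["dn"][0], "type": kind,
                       "original_dn": original_dn,
                       "nsuniqueid": match.group(1) if match else None})
    return report
```

OpenLDAP's `ldapsearch -o ldif-wrap=no` avoids folding at the source. Output that a mail client has re-wrapped, as in the quoted message, no longer follows the leading-space convention and cannot be unfolded reliably.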