On 04/24/2012 10:03 AM, Sigbjorn Lie wrote:
I have an issue that occurred before, but I did not figure out what it was. It
today, and the issue is related to high load on the LDAP servers.
I ran a batch job that added a lot of users to different groups, using the "ipa
--users="$members" $group" command. This caused high CPU load across all the
LDAP servers as the changes were replicating between the servers.
After a few minutes DNS stopped working and errors started to occur in the
The only way to get around it is to stop the batch job to lower the CPU load on
the LDAP servers, and then kill the named daemon with kill -9 and restart named.
"service named restart" timed out while stopping named and did not manage to
restart the named daemon.
This happened across all 3 IPA servers almost at the same time, taking the
entire environment down.
A rather nasty bug.
Apr 24 09:32:08 ipa03 named: LDAP error: Invalid DN syntax
Apr 24 09:32:08 ipa03 named: connection to the LDAP server was lost
Apr 24 09:32:09 ipa03 named: LDAP error: Invalid DN syntax
Apr 24 09:32:09 ipa03 named: connection to the LDAP server was lost
You are right, it's a very nasty bug.
We know about this problem with "Invalid DN syntax". Patch is already done and
on the way to upstream, please stay tuned.
Freeipa-users mailing list