Re: [Freeipa-users] IPA replica directory server hung

Thu, 19 Dec 2013 07:12:34 -0800 

On 12/19/2013 02:19 AM, Joe Mou wrote:

Thanks for the speedy reply. I am running on Fedora 19.

$ rpm -q 389-ds-base
389-ds-base-1.3.1.16-1.fc19.x86_64
$ rpm -q nss
nss-3.15.3-1.fc19.x86_64
Not sure what's going on, but let's see if we can get it "unstuck". It seems there is a conflict between the Class of Service plugin and the Member Of plugin. I think we may be able to disable the CoS plugin to allow the deletion to proceed. 

Do the following search to see what CoS definitions there are:
ldapsearch -xLLL -D "cn=directory manager" -W -b dc=the,dc=flatiron,dc=com '(objectclass=ldapsubentry)'
On Wed, Dec 18, 2013 at 2:54 PM, Rich Megginson <[email protected] <mailto:[email protected]>> wrote: 

    On 12/18/2013 12:43 PM, Joe Mou wrote:

    I have a broken IPA replica that appears to be suffering from a
    hung directory server. The master seems to be working fine, but
    LDAP requests to the replica hang indefinitely. I attached gdb to
    ns-slapd and suspect a deadlock in cos_cache.c.

    Thread 7 seems to be hung on an LDAP delete for a user account
    that we recently removed. Every time the directory server is
    started, it tries to issue this delete, apparently to sync the
    replica.

    I have been unsuccessful in trying to remove the offending
    replica because ipa-replica-manage seems to need to make LDAP
    requests against the replica. For example:

    $ ipa-replica-manage del p-ipa-wd02.prod.the.flatiron.com
    <http://p-ipa-wd02.prod.the.flatiron.com>
    ^CConnection to 'p-ipa-wd02.prod.the.flatiron.com
    <http://p-ipa-wd02.prod.the.flatiron.com>' failed: Insufficient
    access: SASL(0): successful result:
    Unable to delete replica 'p-ipa-wd02.prod.the.flatiron.com
    <http://p-ipa-wd02.prod.the.flatiron.com>'

    ^CTraceback (most recent call last):
      File "/usr/sbin/ipa-replica-manage", line 1252, in <module>
        main()
    KeyboardInterrupt

    Backtraces of the suspicious threads and log excerpts are at
    http://p.flatiron.com/~jmou/ipa/
    <http://p.flatiron.com/%7Ejmou/ipa/> . I was only able to install
    a limited set of debugging symbols; let me know if I can be of
    more help.

    Any help in fixing this replica or even just removing it would be
    greatly appreciated!


    What is your platform?  rpm -q 389-ds-base

    There were some hangs with rhel 6.4.z.  Please update to the
    latest 389-ds-base (1.2.11.15-30 or later) and nss 3.15.3 or later.



    Joe


    _______________________________________________
    Freeipa-users mailing list
    [email protected]  <mailto:[email protected]>
    https://www.redhat.com/mailman/listinfo/freeipa-users






_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to