Re: [Freeipa-users] IPA replica directory server hung

Thu, 19 Dec 2013 14:48:10 -0800 

On 12/19/2013 03:17 PM, Joe Mou wrote:
On Thu, Dec 19, 2013 at 10:01 AM, Rich Megginson <rmegg...@redhat.com <mailto:rmegg...@redhat.com>> wrote: 

    On 12/19/2013 09:19 AM, Joe Mou wrote:

    Here are the results of that command:

    $ ldapsearch -xLLL -D "cn=directory manager" -W -b
    dc=the,dc=flatiron,dc=com '(objectclass=ldapsubentry)'
    Enter LDAP Password:
    dn: cn=Password Policy,cn=accounts,dc=the,dc=flatiron,dc=com
    cn: Password Policy
    cosspecifier: memberOf
    cosAttribute: krbPwdPolicyReference override
    costemplatedn: cn=cosTemplates,cn=accounts,dc=the,dc=flatiron,dc=com
    objectClass: top
    objectClass: ldapsubentry
    objectClass: cosSuperDefinition
    objectClass: cosClassicDefinition
    description: Password Policy based on group membership


    Ok.  Looks like IPA uses CoS for password policy based on group
    membership using the memberof attribute in each user's entry.

    I think we can temporarily disable this.

    First, save the above entry to a file e.g. pwpolicycos.ldif

    Next, ipactl restart
    Just after the directory server is restarted, delete this entry:
    ldapdelete -x -D "cn=directory manager" -W "cn=Password
    Policy,cn=accounts,dc=the,dc=flatiron,dc=com"

    Once everything is working again, add back the entry:

    ldapmodify -x -D "cn=directory manager" -W -a -f pwpolicycos.ldif



Thanks Rich, that partially worked. The replica gets unstuck and is 
able to service requests. But it looks like mutations are still not 
working completely correctly. For example if I do a `ipa user-add 
joe-test --first=joe --last=test` then that command hangs. At this 
point the directory server gets wedged, apparently similarly to 
before. However this time restarting the directory server unsticks it. 
Only certain operations seem to break, as updating a user's job title 
works fine. Backtraces are available: 
http://p.flatiron.com/~jmou/ipa/stacktrace.1387489013.txt 
<http://p.flatiron.com/%7Ejmou/ipa/stacktrace.1387489013.txt>





Please open a ticket at https://fedorahosted.org/389/newticket - you can 
attach stack traces to the ticket



Joe



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users





















					Reply via email to