On Wed, 18 Feb 2015, Thomas Raehalme wrote:
Hi!On Mon, Feb 16, 2015 at 8:44 AM, Alexander Bokovoy <aboko...@redhat.com> wrote:I suspect you've triggered https://fedorahosted.org/freeipa/ticket/4586 and https://fedorahosted.org/freeipa/ticket/4635 -- slapi-nis plugin configuration does not limit itself to $SUFFIX and listens to changes in cn=changelog too so it may deadlock with a replication traffic. We fixed these partly by changing slapi-nis configuration, partly by fixing bugs in 389-ds. I wonder if amending your slapi-nis config to avoid triggering internal searches on cn=changelog would be enough.Is it possible to go around this issue by disabling replication? If so, is ipa-replica-manage disconnect enough or should we use del instead?
I think you are solving wrong issue. Changing slapi-nis configuration to ignore cn=changelog was the change we did for FreeIPA 4.1. We ended up ignoring a bit more subtrees too: https://fedorahosted.org/freeipa/ticket/4635#comment:16 You need to show backtraces of nsslapd when it doesn't respond on LDAP queries to verify it is the same issue but I suspect it is very likely the issue. -- / Alexander Bokovoy
Description: PGP signature
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project