Il 29/11/2016 14:46, Giulio Casella ha scritto:
Il 29/11/2016 14:19, Mark Reynolds ha scritto:



On 11/29/2016 03:14 AM, Giulio Casella wrote:
Il 28/11/2016 19:22, Mark Reynolds ha scritto:


On 11/28/2016 10:22 AM, Giulio Casella wrote:
Il 28/11/2016 15:25, Lukas Slebodnik ha scritto:
On (28/11/16 12:39), Giulio Casella wrote:
Hello,

I have a setup with two ipa server in replica, based on CentOS 7.
On one server (since a couple of days) ipa cannot start, the failing
service
is dirsrv@<REALM-NAME>.service.
In journal I have:

ns-slapd[4617]: segfault at 7fb53b1ce515 ip 00007fb50126e1a6sp
00007ffc0b80d6c8 error 4 in libc-2.17.so[7fb501124000+1b7000]

(just after a lot of SSL alerts complaining about some enabled
cypher suite,
but I cannot say if this could be related).

I'm using ipa 4.2.0, and 389-ds-base 1.3.4.

It would be good to know the exact version.
rpm -q 389-ds-base

Installed version is:

389-ds-base-1.3.4.0-33.el7_2.x86_64


Please provide backtrace or coredump; other developers will know
wheter it's know bug or a new bug.

Ok, you can find attached full stacktrace.
It's crashing trying to read updates from the replication changelog.

Are you using attribute encryption?
Any chance you have a way to reproduce this?

Since this is happening on only one server then I think recreating the
replication changelog will "fix" the issue.  Just re-initializing that
replica should do it.  Does this server start - so it can be reinited?
If not, you need to manually remove the changelog and start the
directory server, and reinit it.  Or perform a manual ldif
initialization.  (I can help with either one if needed)


No, directory server can't start, so I think I have to manually remove
the changelog.
Probably best:

Its under /var/lib/dirsrv/slapd-INSTANCE/db/changelog  (something like
that)

Any help is obviously welcome.
BTW: Do you confirm I won't lose data on second (working) server doing
removal of changelog?
Well the changelog appears to be hosed.  So if something is lost, its
already lost and is not recoverable.  As long as you have another master
you are okay, and IPA only creates masters so you should be good.


Thank you Mark,
I moved away and recreated entire
/var/lib/dirsrv/slapd-INSTANCE/db/changelog directory, rebooted server
and now it's up and running!


For completeness: I've removed also the content of /var/lib/dirsrv/slapd-INSTANCE/cldb (I think cldb stands for changelog database) to make it work.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to