Re: [389-users] WinSync agreement deletes directoryt server users

[Noriko Hosoi]

On 10/22/2015 03:31 AM, Mizrahi, Yair wrote:


I dumped the users to LDIF file but didn’t find anything special 
between the affected and unaffected users


The only clue I found in the replication log is it doesn’t recognize 
the affected users as local (also says uid is -1) and then it deletes 
them.


Can we have the part of the log?  Of course, you could replace the real 
name with something like "#".

Thanks!


*From:*389-users-boun...@lists.fedoraproject.org 
[mailto:389-users-boun...@lists.fedoraproject.org] *On Behalf Of 
*Noriko Hosoi

*Sent:* Monday, October 19, 2015 7:35 PM
*To:* General discussion list for the 389 Directory server project.
*Subject:* Re: [389-users] WinSync agreement deletes directoryt server 
users


On 10/19/2015 09:23 AM, Mizrahi, Yair wrote:

i'll do some comparison tomorrow between affected and unaffected
user, hopefully I will find something

Thanks a lot!!

Sent from my Samsung device



 Original message 
From: Noriko Hosoi  
Date: 19/10/2015 19:04 (GMT+02:00)
To: 389-users@lists.fedoraproject.org 

Subject: Re: [389-users] WinSync agreement deletes directoryt server 
users


Thank you for the update.

Regarding this symptom:
> they are also gets deleted from directory server (around 200 users 
from 550).
I'm curious what's the difference between the deleted 200 users and 
the rest.


Thanks,
--noriko

On 10/19/2015 12:35 AM, Mizrahi, Yair wrote:

Hi Noriko,

This is the version I have installed:
389-ds-base-1.2.11.15-60.el6.x86_64 on CentOS 6.5

I was able to work around the problem by backing up the group and
people OU to LDIF files , do the sync (which deleted the affected
accounts)and after that importing them back, this caused the LDAP
server to sync them to AD.

BTW I noticed the initial sync is deleting the same accounts.

Thanks,

*From:*389-users-boun...@lists.fedoraproject.org

[mailto:389-users-boun...@lists.fedoraproject.org] *On Behalf Of
*Noriko Hosoi
*Sent:* Monday, October 19, 2015 12:23 AM
*To:* 389-users@lists.fedoraproject.org

*Subject:* Re: [389-users] WinSync agreement deletes directoryt
server users

On 10/18/2015 02:06 AM, Mizrahi, Yair wrote:

Hi,

I have setup a sync agreement between directory server and
active directory 2012R2 and I’m getting a very strange
behavior, if I am doing 2 way sync (the default) the sync
completes successfully but not all the users are created in
AD, not only that , they are also gets deleted from directory
server (around 200 users from 550).

I’m syncing to Blank OU in AD

My DS version is 1.2.2-1

 Is it the version of 389-ds-base (not 389-ds)?

rpm -q 389-ds-base

Thanks,

cid:image001.gif@01CE0DED.C3CB64A0XtremIO



*Yair Mizrahi*

Sr Lab IT engineer

Office: + 972 722563243

Mobile: + 972 54 2327687

Email: yair.mizr...@emc.com 



**



*EMC² - XtremIO
*Glil Yam 46905,

Herzliya,

Israel
www.emc.com 



--

389 users mailing list

389-users@lists.fedoraproject.org


https://admin.fedoraproject.org/mailman/listinfo/389-users



--

389 users mailing list

389-users@lists.fedoraproject.org


https://admin.fedoraproject.org/mailman/listinfo/389-users





--
389 users mailing list
389-users@lists.fedoraproject.org 


https://admin.fedoraproject.org/mailman/listinfo/389-users



--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Re: [389-users] DS crashed /killed by OS

[Fong, Trevor]

Hi German,

Thanks for your suggestion.  I’m happy to confirm that setting userRoot’s 
nsslapd-cachememsize: 429496730 (1/15th of previous value of 6 GB) has 
addressed the memory issue for now, and % Mem for the ns-slapd process seems to 
be at a manageable level.

Thanks very much,
Trev




On 2015-10-20, 11:07 AM, "389-users-boun...@lists.fedoraproject.org on behalf 
of German Parente" <389-users-boun...@lists.fedoraproject.org on behalf of 
gpare...@redhat.com> wrote:

>
>Hi Trevor,
>
>400Mb could be a more reasonable value. With a cache of 6gb, fragmentation 
>could very quickly provoke the OOM killer error.
>
>Regards,
>
>German.
>
>- Original Message -
>> From: "Trevor Fong" 
>> To: "General discussion list for the 389 Directory server project." 
>> <389-users@lists.fedoraproject.org>
>> Sent: Tuesday, October 20, 2015 7:44:06 PM
>> Subject: Re: [389-users] DS crashed /killed by OS
>> 
>> Hi German,
>> 
>> Thanks very much for your reply.
>> Just to make sure I have it straight, I’ve currently got userRoot’s
>> nsslapd-cachememsize = 6 GB on at 16GB machine.
>> I should change that to nsslapd-cachememsize = 6 GB / 15 = 429496730
>> Do I have that right?
>> 
>> Thanks again,
>> Trev
>> 
>> 
>> 
>> 
>> On 2015-10-20, 10:23 AM, "389-users-boun...@lists.fedoraproject.org on behalf
>> of German Parente" <389-users-boun...@lists.fedoraproject.org on behalf of
>> gpare...@redhat.com> wrote:
>> 
>> >Hi Trevor,
>> >
>> >no problem. In fact, this issue has been investigated by the experts and
>> >it's due to fragmentation. A fix is being tested right internally but not
>> >delivered yet, to use a different allocator.
>> >
>> >The official workaround is different to the one I have proposed. It's
>> >finally to define entry cache rather small since the fragmentation could be
>> >like
>> >
>> >15 * size of entry cache.
>> >
>> >So, we need something like (15 * size of entry cache )  <  Available memory.
>> >
>> >Thanks and regards,
>> >
>> >German.
>> >
>> >
>> >
>> >- Original Message -
>> >> From: "Trevor Fong" 
>> >> To: "General discussion list for the 389 Directory server project."
>> >> <389-users@lists.fedoraproject.org>
>> >> Sent: Tuesday, October 20, 2015 7:09:46 PM
>> >> Subject: Re: [389-users] DS crashed /killed by OS
>> >> 
>> >> Hi German,
>> >> 
>> >> Apologies for resurrecting an old thread.
>> >> We're also experiencing something similar.  We're currently running
>> >> 389-ds-base-1.2.11.15-48.el6_6.x86_64
>> >> 
>> >> I'm afraid I don't have login privileges in order to view the details of
>> >> the
>> >> bug you linked.
>> >> Could you please post details of how you defined an entry cache to include
>> >> the whole db, and why this works?
>> >> 
>> >> FYI - moves are afoot re upgrading DS on a set of new servers, but in the
>> >> meantime, we need to address this issue.
>> >> 
>> >> 
>> >> Thanks a lot,
>> >> Trev
>> >> 
>> >> 
>> >> 
>> >> 
>> >> 
>> >> On 2015-02-05, 1:57 AM, "389-users-boun...@lists.fedoraproject.org on
>> >> behalf
>> >> of German Parente" <389-users-boun...@lists.fedoraproject.org on behalf of
>> >> gpare...@redhat.com> wrote:
>> >> 
>> >> >
>> >> >Hi,
>> >> >
>> >> >we have had several customer cases showing this behavior. In one of these
>> >> >cases, we have confirmed it was due to memory fragmentation after
>> >> >cache-trashing.
>> >> >
>> >> >We have stopped seeing this behavior by defining an entry cache which
>> >> >includes the whole db (when possible, of course).
>> >> >
>> >> >Details can be found at:
>> >> >
>> >> >https://bugzilla.redhat.com/show_bug.cgi?id=1186512
>> >> >Apparent memory leak in ns-slapd; OOM-Killer invoked
>> >> >
>> >> >Regards,
>> >> >
>> >> >German
>> >> >
>> >> >- Original Message -
>> >> >> From: "David Boreham" 
>> >> >> To: 389-users@lists.fedoraproject.org
>> >> >> Sent: Wednesday, February 4, 2015 8:50:55 PM
>> >> >> Subject: Re: [389-users] DS crashed /killed by OS
>> >> >> 
>> >> >> On 2/4/2015 11:20 AM, ghiureai wrote:
>> >> >> 
>> >> >> 
>> >> >> 
>> >> >> Out of memory: Kill process 2090 (ns-slapd) score 954 or sacrifice
>> >> >> child
>> >> >> 
>> >> >> It wasn't clear to me from your post whether you already have a good
>> >> >> understanding of the OOM killer behavior in the kernel.
>> >> >> On the chance that you're not yet familiar with its ways, suggest
>> >> >> reading,
>> >> >> for example this article :
>> >> >> http://unix.stackexchange.com/questions/153585/how-oom-killer-decides-which-process-to-kill-first
>> >> >> I mention this because it may not be the DS that is the problem (not
>> >> >> saying
>> >> >> that it absolutely is not, but it might not be).
>> >> >> The OMM killer picks a process that is using a large amount of memory,
>> >> >> and
>> >> >> kills it in order to preserve system stability.
>> >> >> This does not necessarily imply that the process it kills is the
>> >> >> process
>> >> >> that
>> >> >> is causing the 

Re: [389-users] WinSync agreement deletes directoryt server users

[Mizrahi, Yair]

I dumped the users to LDIF file but didn’t find anything special between the 
affected and unaffected users
The only clue I found in the replication log is it doesn’t recognize the 
affected users as local (also says uid is -1) and then it deletes them.

From: 389-users-boun...@lists.fedoraproject.org 
[mailto:389-users-boun...@lists.fedoraproject.org] On Behalf Of Noriko Hosoi
Sent: Monday, October 19, 2015 7:35 PM
To: General discussion list for the 389 Directory server project.
Subject: Re: [389-users] WinSync agreement deletes directoryt server users

On 10/19/2015 09:23 AM, Mizrahi, Yair wrote:
i'll do some comparison tomorrow between affected and unaffected user, 
hopefully I will find something
Thanks a lot!!




Sent from my Samsung device


 Original message 
From: Noriko Hosoi 
Date: 19/10/2015 19:04 (GMT+02:00)
To: 389-users@lists.fedoraproject.org
Subject: Re: [389-users] WinSync agreement deletes directoryt server users
Thank you for the update.

Regarding this symptom:
> they are also gets deleted from directory server (around 200 users from 550).
I'm curious what's the difference between the deleted 200 users and the rest.

Thanks,
--noriko

On 10/19/2015 12:35 AM, Mizrahi, Yair wrote:
Hi Noriko,
This is the version I have installed:
389-ds-base-1.2.11.15-60.el6.x86_64 on CentOS 6.5

I was able to work around the problem by backing up the group and people OU to 
LDIF files , do the sync (which deleted the affected accounts)and after that 
importing them back, this caused the LDAP server to sync them to AD.
BTW I noticed the initial sync is deleting the same accounts.

Thanks,


From: 
389-users-boun...@lists.fedoraproject.org
 [mailto:389-users-boun...@lists.fedoraproject.org] On Behalf Of Noriko Hosoi
Sent: Monday, October 19, 2015 12:23 AM
To: 389-users@lists.fedoraproject.org
Subject: Re: [389-users] WinSync agreement deletes directoryt server users

On 10/18/2015 02:06 AM, Mizrahi, Yair wrote:
Hi,
I have setup a sync agreement between directory server and active directory 
2012R2 and I’m getting a very strange behavior, if I am doing 2 way sync (the 
default) the sync completes successfully but not all the users are created in 
AD, not only that , they are also gets deleted from directory server (around 
200 users from 550).
I’m syncing to Blank OU in AD
My DS version is 1.2.2-1
 Is it the version of 389-ds-base (not 389-ds)?

rpm -q 389-ds-base
Thanks,



[cid:][cid:]

Yair Mizrahi
Sr Lab IT engineer
Office: + 972 722563243
Mobile: + 972 54 2327687
Email: yair.mizr...@emc.com



EMC² - XtremIO
Glil Yam 46905,
Herzliya,
Israel
www.emc.com






--

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users




--

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users





--

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users