<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 12/19/2013 02:19 AM, Joe Mou wrote:<br>
</div>
<blockquote
cite="mid:CA+KQ6oDs2Ne2ASd7w6M0uFRKtVB+jF=QTTYS75AAPnGbtio8Bw@mail.gmail.com"
type="cite">
<div dir="ltr">Thanks for the speedy reply. I am running on Fedora
19.
<div><br>
</div>
<div>
<div>$ rpm -q 389-ds-base</div>
<div>389-ds-base-1.3.1.16-1.fc19.x86_64</div>
</div>
<div>
<div>$ rpm -q nss </div>
<div>nss-3.15.3-1.fc19.x86_64</div>
</div>
</div>
</blockquote>
<br>
Not sure what's going on, but let's see if we can get it "unstuck".
It seems there is a conflict between the Class of Service plugin and
the Member Of plugin. I think we may be able to disable the CoS
plugin to allow the deletion to proceed.<br>
<br>
Do the following search to see what CoS definitions there are:<br>
ldapsearch -xLLL -D "cn=directory manager" -W -b
dc=the,dc=flatiron,dc=com '(objectclass=ldapsubentry)'<br>
<br>
<blockquote
cite="mid:CA+KQ6oDs2Ne2ASd7w6M0uFRKtVB+jF=QTTYS75AAPnGbtio8Bw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Wed, Dec 18, 2013 at 2:54 PM, Rich
Megginson <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>
<div class="h5">
<div>On 12/18/2013 12:43 PM, Joe Mou wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">I have a broken IPA replica that
appears to be suffering from a hung directory
server. The master seems to be working fine, but
LDAP requests to the replica hang indefinitely. I
attached gdb to ns-slapd and suspect a deadlock in
cos_cache.c.
<div> <br>
</div>
<div>Thread 7 seems to be hung on an LDAP delete
for a user account that we recently removed.
Every time the directory server is started, it
tries to issue this delete, apparently to sync
the replica.</div>
<div> <br>
</div>
<div>I have been unsuccessful in trying to remove
the offending replica because ipa-replica-manage
seems to need to make LDAP requests against the
replica. For example:</div>
<div><br>
</div>
<div>$ ipa-replica-manage del <a
moz-do-not-send="true"
href="http://p-ipa-wd02.prod.the.flatiron.com"
target="_blank">p-ipa-wd02.prod.the.flatiron.com</a>
</div>
<div>^CConnection to '<a moz-do-not-send="true"
href="http://p-ipa-wd02.prod.the.flatiron.com"
target="_blank">p-ipa-wd02.prod.the.flatiron.com</a>'
failed: Insufficient access: SASL(0): successful
result:</div>
<div>Unable to delete replica '<a
moz-do-not-send="true"
href="http://p-ipa-wd02.prod.the.flatiron.com"
target="_blank">p-ipa-wd02.prod.the.flatiron.com</a>'</div>
<div><br>
</div>
<div>^CTraceback (most recent call last):</div>
<div> File "/usr/sbin/ipa-replica-manage", line
1252, in <module></div>
<div> main()</div>
<div>KeyboardInterrupt</div>
<div><br>
</div>
<div>Backtraces of the suspicious threads and log
excerpts are at <a moz-do-not-send="true"
href="http://p.flatiron.com/%7Ejmou/ipa/"
target="_blank">http://p.flatiron.com/~jmou/ipa/</a> .
I was only able to install a limited set of
debugging symbols; let me know if I can be of
more help.</div>
<div><br>
</div>
<div>Any help in fixing this replica or even just
removing it would be greatly appreciated!</div>
</div>
</blockquote>
<br>
</div>
</div>
What is your platform? rpm -q 389-ds-base<br>
<br>
There were some hangs with rhel 6.4.z. Please update to
the latest 389-ds-base (1.2.11.15-30 or later) and nss
3.15.3 or later.<br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div><br>
</div>
<div>Joe</div>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
Freeipa-users mailing list
<a moz-do-not-send="true" href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a>
<a moz-do-not-send="true" href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</body>
</html>