[Freeipa-users] named-dyndb-ldap looses connection when the LDAP server is under high load
Petr Spacek
pspacek at redhat.com
Tue Apr 24 09:10:39 UTC 2012
On 04/24/2012 10:03 AM, Sigbjorn Lie wrote:
> Hi
>
> I have an issue that occured before, but I did not figure out what it was. It happened again
> today, and the issue is related to high load on the LDAP servers.
>
> I ran a batch job that added a lot of users to different groups, using the "ipa group-add-member
> --users="$members" $group" command. This caused high CPU load across all the LDAP servers as the
> changes we're replicating between the servers.
>
> After a few minutes DNS stopped working and errors started to occur in the messages log.
>
> The only way to get around it is to stop the batch job to lower the CPU load on the LDAP servers,
> and then kill the named daemon with kill -9 and restart named. "service named restart" timed out
> while stopping named and did not manage to restart the named daemon.
>
> This happened across all 3 IPA servers almost at the same time, taking the entire environment down.
>
> A rather nasty bug.
>
>
> Apr 24 09:32:08 ipa03 named[31837]: LDAP error: Invalid DN syntax
> Apr 24 09:32:08 ipa03 named[31837]: connection to the LDAP server was lost
> Apr 24 09:32:09 ipa03 named[31837]: LDAP error: Invalid DN syntax
> Apr 24 09:32:09 ipa03 named[31837]: connection to the LDAP server was lost
>
>
>
> Regards,
> Siggi
Hello,
you are right, it's very nasty bug.
We know about this problem with "Invalid DN syntax". Patch is already done and
on the way to upstream, please stay tuned.
Petr^2 Spacek
More information about the Freeipa-users
mailing list