[Freeipa-users] IPA replica directory server hung

Rich Megginson rmeggins at redhat.com
Thu Dec 19 15:07:18 UTC 2013


On 12/19/2013 02:19 AM, Joe Mou wrote:
> Thanks for the speedy reply. I am running on Fedora 19.
>
> $ rpm -q 389-ds-base
> 389-ds-base-1.3.1.16-1.fc19.x86_64
> $ rpm -q nss
> nss-3.15.3-1.fc19.x86_64

Not sure what's going on, but let's see if we can get it "unstuck". It 
seems there is a conflict between the Class of Service plugin and the 
Member Of plugin.  I think we may be able to disable the CoS plugin to 
allow the deletion to proceed.

Do the following search to see what CoS definitions there are:
ldapsearch -xLLL -D "cn=directory manager" -W -b dc=the,dc=flatiron,dc=com '(objectclass=ldapsubentry)'

>
>
> On Wed, Dec 18, 2013 at 2:54 PM, Rich Megginson <rmeggins at redhat.com> wrote:
>
>     On 12/18/2013 12:43 PM, Joe Mou wrote:
>>     I have a broken IPA replica that appears to be suffering from a
>>     hung directory server. The master seems to be working fine, but
>>     LDAP requests to the replica hang indefinitely. I attached gdb to
>>     ns-slapd and suspect a deadlock in cos_cache.c.
>>
>>     Thread 7 seems to be hung on an LDAP delete for a user account
>>     that we recently removed. Every time the directory server is
>>     started, it tries to issue this delete, apparently to sync the
>>     replica.
>>
>>     I have been unsuccessful in trying to remove the offending
>>     replica because ipa-replica-manage seems to need to make LDAP
>>     requests against the replica. For example:
>>
>>     $ ipa-replica-manage del p-ipa-wd02.prod.the.flatiron.com
>>     ^CConnection to 'p-ipa-wd02.prod.the.flatiron.com' failed: Insufficient
>>     access: SASL(0): successful result:
>>     Unable to delete replica 'p-ipa-wd02.prod.the.flatiron.com'
>>
>>     ^CTraceback (most recent call last):
>>       File "/usr/sbin/ipa-replica-manage", line 1252, in <module>
>>         main()
>>     KeyboardInterrupt
>>
>>     Backtraces of the suspicious threads and log excerpts are at
>>     http://p.flatiron.com/~jmou/ipa/ . I was only able to install
>>     a limited set of debugging symbols; let me know if I can be of
>>     more help.
>>
>>     Any help in fixing this replica or even just removing it would be
>>     greatly appreciated!
>
>     What is your platform?  rpm -q 389-ds-base
>
>     There were some hangs with rhel 6.4.z.  Please update to the
>     latest 389-ds-base (1.2.11.15-30 or later) and nss 3.15.3 or later.
>
>>
>>     Joe
