[Freeipa-users] ns-slapd segfault

Tue Nov 29 14:27:04 UTC 2016

Il 29/11/2016 14:46, Giulio Casella ha scritto:
> Il 29/11/2016 14:19, Mark Reynolds ha scritto:
>>
>>
>> On 11/29/2016 03:14 AM, Giulio Casella wrote:
>>> Il 28/11/2016 19:22, Mark Reynolds ha scritto:
>>>>
>>>>
>>>> On 11/28/2016 10:22 AM, Giulio Casella wrote:
>>>>> Il 28/11/2016 15:25, Lukas Slebodnik ha scritto:
>>>>>> On (28/11/16 12:39), Giulio Casella wrote:
>>>>>>> Hello,
>>>>>>>
>>>>>>> I have a setup with two ipa server in replica, based on CentOS 7.
>>>>>>> On one server (since a couple of days) ipa cannot start, the failing
>>>>>>> service
>>>>>>> is dirsrv@<REALM-NAME>.service.
>>>>>>> In journal I have:
>>>>>>>
>>>>>>> ns-slapd[4617]: segfault at 7fb53b1ce515 ip 00007fb50126e1a6sp
>>>>>>> 00007ffc0b80d6c8 error 4 in libc-2.17.so[7fb501124000+1b7000]
>>>>>>>
>>>>>>> (just after a lot of SSL alerts complaining about some enabled
>>>>>>> cypher suite,
>>>>>>> but I cannot say if this could be related).
>>>>>>>
>>>>>>> I'm using ipa 4.2.0, and 389-ds-base 1.3.4.
>>>>>>>
>>>>>> It would be good to know the exact version.
>>>>>> rpm -q 389-ds-base
>>>>>
>>>>> Installed version is:
>>>>>
>>>>> 389-ds-base-1.3.4.0-33.el7_2.x86_64
>>>>>
>>>>>>
>>>>>> Please provide backtrace or coredump; other developers will know
>>>>>> wheter it's know bug or a new bug.
>>>>>
>>>>> Ok, you can find attached full stacktrace.
>>>> It's crashing trying to read updates from the replication changelog.
>>>>
>>>> Are you using attribute encryption?
>>>> Any chance you have a way to reproduce this?
>>>>
>>>> Since this is happening on only one server then I think recreating the
>>>> replication changelog will "fix" the issue.  Just re-initializing that
>>>> replica should do it.  Does this server start - so it can be reinited?
>>>> If not, you need to manually remove the changelog and start the
>>>> directory server, and reinit it.  Or perform a manual ldif
>>>> initialization.  (I can help with either one if needed)
>>>>
>>>
>>> No, directory server can't start, so I think I have to manually remove
>>> the changelog.
>> Probably best:
>>
>> Its under /var/lib/dirsrv/slapd-INSTANCE/db/changelog  (something like
>> that)
>>
>>> Any help is obviously welcome.
>>> BTW: Do you confirm I won't lose data on second (working) server doing
>>> removal of changelog?
>> Well the changelog appears to be hosed.  So if something is lost, its
>> already lost and is not recoverable.  As long as you have another master
>> you are okay, and IPA only creates masters so you should be good.
>>
>
> Thank you Mark,
> I moved away and recreated entire
> /var/lib/dirsrv/slapd-INSTANCE/db/changelog directory, rebooted server
> and now it's up and running!
>

For completeness: I've removed also the content of 
/var/lib/dirsrv/slapd-INSTANCE/cldb (I think cldb stands for changelog 
database) to make it work.