seojeong kim via FreeIPA-users wrote: > 389 directory service automatically restarted. I can't find specific error > to trigger restart. there is no PANIC error and deadlock detect error... > > there is only just 'Incomming BER element was too long' > This error situation can trigger LDAP restart automatically ?
I'd recommend checking your system logs. It could be an OOM killer. There are ~30 seconds in between so it may not be directly related. A 369-ish GB attribute is enormous. I'd look into that as well, if not the culprit then as something that stands out on its own. rob > > > [19/Jul/2024:06:22:59.279311026 +0000] - ERR - log_ber_too_big_error - > conn=6079847 fd=396 Incoming BER Element was too long, max allowable is > 209715200 bytes. Change the nsslapd-maxbersize attribute in cn=config to > increase. > [19/Jul/2024:06:23:01.700334149 +0000] - ERR - log_ber_too_big_error - > conn=6079857 fd=1452 Incoming BER Element was too long, max allowable is > 209715200 bytes. Change the nsslapd-maxbersize attribute in cn=config to > increase. > [19/Jul/2024:06:27:57.779058899 +0000] - ERR - NSMMReplicationPlugin - > changelog program - _cl5WriteOperationTxn - retry (49) the transaction > (csn=669a075e000900e90000) failed (rc=-30993 (BDB0068 DB_LOCK_DEADLOCK: > Locker killed to resolve a deadlock)) > [19/Jul/2024:06:27:57.780583532 +0000] - ERR - NSMMReplicationPlugin - > changelog program - _cl5WriteOperationTxn - Failed to write entry with csn > (669a075e000900e90000); db error - -30993 BDB0068 DB_LOCK_DEADLOCK: Locker > killed to resolve a deadlock > [19/Jul/2024:06:27:57.781557073 +0000] - ERR - NSMMReplicationPlugin - > write_changelog_and_ruv - Can't add a change for > cn=penup-pre,cn=hostgroups,cn=accounts,dc=mydomain,dc=com (uniqid: > 000f3c05-70fc11eb-87e9f15a-5f2429bf, optype: 8) to changelog csn > 669a075e000900e90000 > [19/Jul/2024:06:27:58.125647535 +0000] - ERR - NSMMReplicationPlugin - > process_postop - Failed to apply update (669a075e000900e90000) error (1). > Aborting replication session(conn=6075545 op=2978) > [19/Jul/2024:06:30:38.073674777 +0000] - ERR - log_ber_too_big_error - > conn=6081159 fd=400 Incoming BER Element was 369736146107 bytes, max > allowable is 209715200 bytes. Change the nsslapd-maxbersize attribute in > cn=config to increase. > [19/Jul/2024:06:32:09.283886791 +0000] - ERR - connection_read_operation - > conn=6081404 received a non-LDAP message (tag 0x18, expected 0x30) > [19/Jul/2024:06:33:29.585984549 +0000] - ERR - log_ber_too_big_error - > conn=6081679 fd=311 Incoming BER Element was too long, max allowable is > 209715200 bytes. Change the nsslapd-maxbersize attribute in cn=config to > increase. > [19/Jul/2024:06:34:04.617847679 +0000] - ERR - slapd_system_isFIPS - Can not > access /proc/sys/crypto/fips_enabled - assuming FIPS is OFF > [19/Jul/2024:06:34:04.619891225 +0000] - ERR - slapd_system_isFIPS - Can not > access /proc/sys/crypto/fips_enabled - assuming FIPS is OFF > [19/Jul/2024:06:34:04.931778931 +0000] - INFO - util_get_hardware_threads - > Automatically configuring 16 threads > [19/Jul/2024:06:34:05.521184530 +0000] - WARN - Security Initialization - > /tmp is not a private namespace. pem files not exported there > [19/Jul/2024:06:34:05.522737820 +0000] - INFO - slapd_extract_cert - CA CERT > NAME: MYDOMAIN.COM IPA CA > [19/Jul/2024:06:34:05.524500653 +0000] - WARN - Security Initialization - SSL > alert: Sending pin request to SVRCore. You may need to run > systemd-tty-ask-password-agent to provide the password. > [19/Jul/2024:06:34:05.624809111 +0000] - INFO - slapd_extract_cert - SERVER > CERT NAME: Server-Cert > [19/Jul/2024:06:34:05.626359141 +0000] - WARN - Security Initialization - > /tmp is not a private namespace. pem files not exported there > [19/Jul/2024:06:34:05.627801709 +0000] - WARN - Security Initialization - > /tmp is not a private namespace. pem files not exported there > [19/Jul/2024:06:34:05.854933657 +0000] - INFO - Security Initialization - SSL > info: Enabling default cipher set. > [19/Jul/2024:06:34:05.856382522 +0000] - INFO - Security Initialization - SSL > info: Configured NSS Ciphers > [19/Jul/2024:06:34:05.857556371 +0000] - INFO - Security Initialization - SSL > info: TLS_AES_128_GCM_SHA256: enabled > [19/Jul/2024:06:34:05.858503393 +0000] - INFO - Security Initialization - SSL > info: TLS_CHACHA20_POLY1305_SHA256: enabled > [19/Jul/2024:06:34:05.859485862 +0000] - INFO - Security Initialization - SSL > info: TLS_AES_256_GCM_SHA384: enabled > [19/Jul/2024:06:34:05.860543982 +0000] - INFO - Security Initialization - SSL > info: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled > [19/Jul/2024:06:34:05.861588021 +0000] - INFO - Security Initialization - SSL > info: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled > [19/Jul/2024:06:34:05.862625065 +0000] - INFO - Security Initialization - SSL > info: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: enabled > [19/Jul/2024:06:34:05.863601471 +0000] - INFO - Security Initialization - SSL > info: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled > [19/Jul/2024:06:34:05.864790795 +0000] - INFO - Security Initialization - SSL > info: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled > [19/Jul/2024:06:34:05.865759945 +0000] - INFO - Security Initialization - SSL > info: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled > [19/Jul/2024:06:34:05.866807116 +0000] - INFO - Security Initialization - SSL > info: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled > [19/Jul/2024:06:34:05.867919186 +0000] - INFO - Security Initialization - SSL > info: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled > [19/Jul/2024:06:34:05.868910775 +0000] - INFO - Security Initialization - SSL > info: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled > [19/Jul/2024:06:34:05.869828849 +0000] - INFO - Security Initialization - SSL > info: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled > [19/Jul/2024:06:34:05.870846944 +0000] - INFO - Security Initialization - SSL > info: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled > [19/Jul/2024:06:34:05.871884481 +0000] - INFO - Security Initialization - SSL > info: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled > [19/Jul/2024:06:34:05.872960919 +0000] - INFO - Security Initialization - SSL > info: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled > [19/Jul/2024:06:34:05.873942777 +0000] - INFO - Security Initialization - SSL > info: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled > [19/Jul/2024:06:34:05.874915469 +0000] - INFO - Security Initialization - SSL > info: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled > [19/Jul/2024:06:34:05.875865057 +0000] - INFO - Security Initialization - SSL > info: TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled > [19/Jul/2024:06:34:05.876812156 +0000] - INFO - Security Initialization - SSL > info: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled > [19/Jul/2024:06:34:05.877842946 +0000] - INFO - Security Initialization - SSL > info: TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled > [19/Jul/2024:06:34:05.878878446 +0000] - INFO - Security Initialization - SSL > info: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled > [19/Jul/2024:06:34:05.879941260 +0000] - INFO - Security Initialization - SSL > info: TLS_RSA_WITH_AES_128_GCM_SHA256: enabled > [19/Jul/2024:06:34:05.880887578 +0000] - INFO - Security Initialization - SSL > info: TLS_RSA_WITH_AES_256_GCM_SHA384: enabled > [19/Jul/2024:06:34:05.881905650 +0000] - INFO - Security Initialization - SSL > info: TLS_RSA_WITH_AES_128_CBC_SHA: enabled > [19/Jul/2024:06:34:05.882724291 +0000] - INFO - Security Initialization - SSL > info: TLS_RSA_WITH_AES_128_CBC_SHA256: enabled > [19/Jul/2024:06:34:05.883536996 +0000] - INFO - Security Initialization - SSL > info: TLS_RSA_WITH_AES_256_CBC_SHA: enabled > [19/Jul/2024:06:34:05.884375320 +0000] - INFO - Security Initialization - SSL > info: TLS_RSA_WITH_AES_256_CBC_SHA256: enabled > [19/Jul/2024:06:34:06.172298339 +0000] - INFO - Security Initialization - > slapd_ssl_init2 - Configured SSL version range: min: TLS1.2, max: TLS1.3 > [19/Jul/2024:06:34:06.174035089 +0000] - INFO - Security Initialization - > slapd_ssl_init2 - NSS adjusted SSL version range: min: TLS1.2, max: TLS1.3 > [19/Jul/2024:06:34:06.175409580 +0000] - INFO - main - 389-Directory/1.4.3.12 > B2020.213.0000 starting up > -- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue