[Freeipa-users] Re: LDAP automatically restarted

Fri, 19 Jul 2024 13:15:57 -0700 


On 7/19/24 8:26 AM, Rob Crittenden via FreeIPA-users wrote:

seojeong kim via FreeIPA-users wrote:

389 directory service automatically restarted.  I can't find specific error to 
trigger restart.   there is no PANIC error and deadlock detect error...

there is only just  'Incomming BER element was too long'
This error situation can trigger  LDAP restart automatically ?

I'd recommend checking your system logs. It could be an OOM killer.

There are ~30 seconds in between so it may not be directly related.
But when DS crashes there should be a "Detected disorderly shutdown" message in its error log when it starts back up - which I don't see in your log clip.  Perhaps the server ran out of memory, like Rob suggested, and it quietly shut itself down?  When malloc fails, or some other critical C library call fails the server will exit, or try to gracefully shutdown.  It's hard to say, but the server would normally log something if that type of failure occurred.  The only good news is that the database was not corrupted.  So it's a bit of mystery how it could just exit, but not log the reason or trigger a database recovery at the next startup.  But like I said the good news is that the database was not impacted by the crash/exit. 

Mark



A 369-ish GB attribute is enormous. I'd look into that as well, if not
the culprit then as something that stands out on its own.

rob



[19/Jul/2024:06:22:59.279311026 +0000] - ERR - log_ber_too_big_error - 
conn=6079847 fd=396 Incoming BER Element was too long, max allowable is 
209715200 bytes. Change the nsslapd-maxbersize attribute in cn=config to 
increase.
[19/Jul/2024:06:23:01.700334149 +0000] - ERR - log_ber_too_big_error - 
conn=6079857 fd=1452 Incoming BER Element was too long, max allowable is 
209715200 bytes. Change the nsslapd-maxbersize attribute in cn=config to 
increase.
[19/Jul/2024:06:27:57.779058899 +0000] - ERR - NSMMReplicationPlugin - 
changelog program - _cl5WriteOperationTxn - retry (49) the transaction 
(csn=669a075e000900e90000) failed (rc=-30993 (BDB0068 DB_LOCK_DEADLOCK: Locker 
killed to resolve a deadlock))
[19/Jul/2024:06:27:57.780583532 +0000] - ERR - NSMMReplicationPlugin - 
changelog program - _cl5WriteOperationTxn - Failed to write entry with csn 
(669a075e000900e90000); db error - -30993 BDB0068 DB_LOCK_DEADLOCK: Locker 
killed to resolve a deadlock
[19/Jul/2024:06:27:57.781557073 +0000] - ERR - NSMMReplicationPlugin - 
write_changelog_and_ruv - Can't add a change for 
cn=penup-pre,cn=hostgroups,cn=accounts,dc=mydomain,dc=com (uniqid: 
000f3c05-70fc11eb-87e9f15a-5f2429bf, optype: 8) to changelog csn 
669a075e000900e90000
[19/Jul/2024:06:27:58.125647535 +0000] - ERR - NSMMReplicationPlugin - 
process_postop - Failed to apply update (669a075e000900e90000) error (1).  
Aborting replication session(conn=6075545 op=2978)
[19/Jul/2024:06:30:38.073674777 +0000] - ERR - log_ber_too_big_error - 
conn=6081159 fd=400 Incoming BER Element was 369736146107 bytes, max allowable 
is 209715200 bytes. Change the nsslapd-maxbersize attribute in cn=config to 
increase.
[19/Jul/2024:06:32:09.283886791 +0000] - ERR - connection_read_operation - 
conn=6081404 received a non-LDAP message (tag 0x18, expected 0x30)
[19/Jul/2024:06:33:29.585984549 +0000] - ERR - log_ber_too_big_error - 
conn=6081679 fd=311 Incoming BER Element was too long, max allowable is 
209715200 bytes. Change the nsslapd-maxbersize attribute in cn=config to 
increase.
[19/Jul/2024:06:34:04.617847679 +0000] - ERR - slapd_system_isFIPS - Can not 
access /proc/sys/crypto/fips_enabled - assuming FIPS is OFF
[19/Jul/2024:06:34:04.619891225 +0000] - ERR - slapd_system_isFIPS - Can not 
access /proc/sys/crypto/fips_enabled - assuming FIPS is OFF
[19/Jul/2024:06:34:04.931778931 +0000] - INFO - util_get_hardware_threads - 
Automatically configuring 16 threads
[19/Jul/2024:06:34:05.521184530 +0000] - WARN - Security Initialization - /tmp 
is not a private namespace. pem files not exported there
[19/Jul/2024:06:34:05.522737820 +0000] - INFO - slapd_extract_cert - CA CERT 
NAME: MYDOMAIN.COM IPA CA
[19/Jul/2024:06:34:05.524500653 +0000] - WARN - Security Initialization - SSL 
alert: Sending pin request to SVRCore. You may need to run 
systemd-tty-ask-password-agent to provide the password.
[19/Jul/2024:06:34:05.624809111 +0000] - INFO - slapd_extract_cert - SERVER 
CERT NAME: Server-Cert
[19/Jul/2024:06:34:05.626359141 +0000] - WARN - Security Initialization - /tmp 
is not a private namespace. pem files not exported there
[19/Jul/2024:06:34:05.627801709 +0000] - WARN - Security Initialization - /tmp 
is not a private namespace. pem files not exported there
[19/Jul/2024:06:34:05.854933657 +0000] - INFO - Security Initialization - SSL 
info: Enabling default cipher set.
[19/Jul/2024:06:34:05.856382522 +0000] - INFO - Security Initialization - SSL 
info: Configured NSS Ciphers
[19/Jul/2024:06:34:05.857556371 +0000] - INFO - Security Initialization - SSL 
info:     TLS_AES_128_GCM_SHA256: enabled
[19/Jul/2024:06:34:05.858503393 +0000] - INFO - Security Initialization - SSL 
info:     TLS_CHACHA20_POLY1305_SHA256: enabled
[19/Jul/2024:06:34:05.859485862 +0000] - INFO - Security Initialization - SSL 
info:     TLS_AES_256_GCM_SHA384: enabled
[19/Jul/2024:06:34:05.860543982 +0000] - INFO - Security Initialization - SSL 
info:     TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
[19/Jul/2024:06:34:05.861588021 +0000] - INFO - Security Initialization - SSL 
info:     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[19/Jul/2024:06:34:05.862625065 +0000] - INFO - Security Initialization - SSL 
info:     TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: enabled
[19/Jul/2024:06:34:05.863601471 +0000] - INFO - Security Initialization - SSL 
info:     TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled
[19/Jul/2024:06:34:05.864790795 +0000] - INFO - Security Initialization - SSL 
info:     TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
[19/Jul/2024:06:34:05.865759945 +0000] - INFO - Security Initialization - SSL 
info:     TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
[19/Jul/2024:06:34:05.866807116 +0000] - INFO - Security Initialization - SSL 
info:     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
[19/Jul/2024:06:34:05.867919186 +0000] - INFO - Security Initialization - SSL 
info:     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
[19/Jul/2024:06:34:05.868910775 +0000] - INFO - Security Initialization - SSL 
info:     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
[19/Jul/2024:06:34:05.869828849 +0000] - INFO - Security Initialization - SSL 
info:     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
[19/Jul/2024:06:34:05.870846944 +0000] - INFO - Security Initialization - SSL 
info:     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[19/Jul/2024:06:34:05.871884481 +0000] - INFO - Security Initialization - SSL 
info:     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
[19/Jul/2024:06:34:05.872960919 +0000] - INFO - Security Initialization - SSL 
info:     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[19/Jul/2024:06:34:05.873942777 +0000] - INFO - Security Initialization - SSL 
info:     TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled
[19/Jul/2024:06:34:05.874915469 +0000] - INFO - Security Initialization - SSL 
info:     TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
[19/Jul/2024:06:34:05.875865057 +0000] - INFO - Security Initialization - SSL 
info:     TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
[19/Jul/2024:06:34:05.876812156 +0000] - INFO - Security Initialization - SSL 
info:     TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[19/Jul/2024:06:34:05.877842946 +0000] - INFO - Security Initialization - SSL 
info:     TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
[19/Jul/2024:06:34:05.878878446 +0000] - INFO - Security Initialization - SSL 
info:     TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
[19/Jul/2024:06:34:05.879941260 +0000] - INFO - Security Initialization - SSL 
info:     TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
[19/Jul/2024:06:34:05.880887578 +0000] - INFO - Security Initialization - SSL 
info:     TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
[19/Jul/2024:06:34:05.881905650 +0000] - INFO - Security Initialization - SSL 
info:     TLS_RSA_WITH_AES_128_CBC_SHA: enabled
[19/Jul/2024:06:34:05.882724291 +0000] - INFO - Security Initialization - SSL 
info:     TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
[19/Jul/2024:06:34:05.883536996 +0000] - INFO - Security Initialization - SSL 
info:     TLS_RSA_WITH_AES_256_CBC_SHA: enabled
[19/Jul/2024:06:34:05.884375320 +0000] - INFO - Security Initialization - SSL 
info:     TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
[19/Jul/2024:06:34:06.172298339 +0000] - INFO - Security Initialization - 
slapd_ssl_init2 - Configured SSL version range: min: TLS1.2, max: TLS1.3
[19/Jul/2024:06:34:06.174035089 +0000] - INFO - Security Initialization - 
slapd_ssl_init2 - NSS adjusted SSL version range: min: TLS1.2, max: TLS1.3
[19/Jul/2024:06:34:06.175409580 +0000] - INFO - main - 389-Directory/1.4.3.12 
B2020.213.0000 starting up


--
Identity Management Development Team

--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to