You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 1328108
Description of problem:
We use FreeIPA on CentOS 6 for user authentication. On Fedora 23, the sssd_be
consumes lots of memory and writes error messages to the log at a rapid rate
(gigabytes per day in debug_level 4).
Version-Release number of selected component (if applicable):
sssd-1.13.3-6.fc23.x86_64
Also tested: sssd-1.13.4-1.fc23.x86_64
How reproducible:
Always
Additional info:
The server runs ipa-server-3.0.0-47.el6.centos.2.x86_64.
On the client, the memory consumption of sssd_be constantly increases. The log
contains lots of messages of the following form (can't actually tell the order
since they repeat over and over, debug_level set to 4):
(Mon Apr 18 14:49:30 2016) [sssd[be[---]]] [sdap_get_generic_op_finished]
(0x0040): Unexpected result from ldap: Protocol error(2), A dereference
attribute must have DN syntax
(Mon Apr 18 14:49:30 2016) [sssd[be[---]]] [generic_ext_search_handler]
(0x0040): sdap_get_generic_ext_recv failed [5]: Input/output error
(Mon Apr 18 14:49:30 2016) [sssd[be[---]]] [sdap_deref_search_done] (0x0040):
dereference processing failed [5]: Input/output error
On the server, this causes a very high load in ns-slapd for the domain in
question.
We are currently in the process of upgrading from F20. There, everything was
working fine. So it seems that sssd in the meantime introduced something that
triggers this behavior. Either this is a general incompatibility that current
exists between the latest sssd and the CentOS 6 FreeIPA, or maybe some FreeIPA
upgrade had an issue? (I remember
The workstations with the new version seem to work fine, aside from becoming
unresponsive once sssd_be fills up the memory. Users can authenticate.
If there is anything I can provide to help analyze and fix this issue please
let me know. Currently this is a roadblock for further upgrading our machines.
We would like to resolve this without upgrading the FreeIPA server (after all,
we chose an enterprise Linux for long-term stability).
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/2993
Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 1328108
Comments
Comment from lslebodn at 2016-04-19 13:27:35
I seems to be a bug caused by ticket #2960.
It was introduced in 1.13.4
blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
mark: no => 0
review: True => 0
selected: =>
testsupdated: => 0
Comment from lslebodn at 2016-04-19 13:29:05
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1312276 (Red Hat Enterprise Linux 7)
rhbz: [https://bugzilla.redhat.com/show_bug.cgi?id=1328108 1328108] => [https://bugzilla.redhat.com/show_bug.cgi?id=1328108 1328108], [https://bugzilla.redhat.com/show_bug.cgi?id=1312276 1312276]
Comment from lslebodn at 2016-04-19 13:31:41
Sumit has a patch
owner: somebody => sbose
Comment from sbose at 2016-04-19 16:41:52
Fields changed
patch: 0 => 1
Comment from jhrozek at 2016-04-22 19:01:24
milestone: NEEDS_TRIAGE => SSSD 1.13.5
resolution: => fixed
status: new => closed
Comment from lslebodn at 2017-02-24 15:07:17
Metadata Update from @lslebodn:
The text was updated successfully, but these errors were encountered: