389-ds freezes with deadlock
by Julian Kippels
Hi,
I am using 389-ds Version 2.3.1 and have encountered the same error
twice in three days now. There are some MOD operations and then I get a
line like this in the errors-log:
[23/Aug/2023:13:27:17.971884067 +0200] - ERR - ldbm_back_seq - deadlock
retry BAD 1601, err=0 Unexpected dbimpl error code
After this the server keeps running, systemctl status says everything is
fine, but new incoming connections are failing with timeouts.
Any advice would be welcome.
Thanks in advance
Julian Kippels
--
---------------------------------------------------------
| | Julian Kippels
| | M.Sc. Informatik
| |
| | Zentrum für Informations- und Medientechnologie
| | Heinrich-Heine-Universität Düsseldorf
| | Universitätsstr. 1
| | Raum 25.41.O1.32
| | 40225 Düsseldorf / Germany
| |
| | Tel: +49-211-81-14920
| | mail: kippels(a)hhu.de
---------------------------------------------------------
2 months, 2 weeks
Re: Internal Server Error
by Omar
Hello Mark,
Sorry for the late reply, I was sick and didn't get back to work until
today. Please find attached logs and configuration of my server. Let me
know if you see how I can make this work with what I have. Thanks in
advance,
//omar
-----------------------------------------------------------------------------------------
On 8/25/23 2:20 PM, Omar wrote:
Hello Mark,
I'm sorry, didn't know that the dsgw was no longer supported. We are
trying to create an LDAP service with a GUI so that our users can change
their passwords.
I have installed and configured the following:
- 389-ds-base
- openldap-clients
- idm-console-framework
- 389-adminutil
- 389-admin
- 389-admin-console
- 389-console
- 389-ds-console
- 389-dsgw
I have deployed all these on Centos-7 and the versions are:
- 389-console-1.1.19-6
- 389-ds-base-1.3.11.1-2
- 389-ds-console-1.2.16-1
- 389-admin-1.1.46-4
- 389-admin-console-1.1.12-1
- 389-ds-base-libs-1.3.11.1-2
- 389-adminutil-1.1.22-2
- 389-dsgw-1.1.11-5
Now that I know that the dsgw is no longer supported, what do you recommend
I use as a GUI for all users?
Users can log into 389-console, but you might need to configure some
settings in adm.conf to make that work with just using the user's RDN of
their DN. Otherwise you need to use the entire DN of the entry to log in.
There might be other config files you need to edit. Sorry it's so old I
don't recall all the details, but I know it's possible.
But, did you look into the admin server error log? I would think dsgw
could still work, but without knowing more about the failure it's hard to
say.
Our wiki has a few docs on it, but not much:
https://www.port389.org/docs/389ds/administration/dsgw.html
https://www.port389.org/docs/389ds/administration/dsgw-install-guide.html
There was an upstream project started by William Brown (https://pagure.io/
389-ds-portal) many years ago, but I don't think it's been updated in a
long time. I'm not sure if it's functional or not. Our team does not work
on this project, but you might want to look into it. Otherwise you need to
develop your own user portal. There is also Openldap's Apache Directory
Studio: https://directory.apache.org/studio/ but I don't think this is
exactly what you are looking for.
Regards,
Mark
Thanks for the support.
//Omar
On Thu, Aug 24, 2023 at 8:56 AM Mark Reynolds <mareynol(a)redhat.com> wrote:
>
> On 8/23/23 10:08 AM, Omar Pagan wrote:
> > Getting the following error after following all the documentation for
> deploying 389ds and 389dsgw. Please help.
>
> What documentation? dsgw (Directory Server Gateway) hasn't been
> "supported/maintained" in over 10+ years so I am not surprised it's not
> working. Also it was only provided to show what an LDAP webapp could
> do. It was never a fully supported product.
>
> Or, are you referring to the old java console? 389-console?
>
> What platform are you trying to run this on? What is the rpm version of
> 389-ds-base? 389-admin?
>
> What is in the admin server error log? Not sure where this log is
> anymore(it's been so long since I looked at it), but its probably under
> /var/log/dirsrv/admin-serv/ ? Something like that...
>
> HTH,
> Mark
>
>
> >
> > Internal Server Error
> > The server encountered an internal error or misconfiguration and was
> unable to complete your request.
> >
> > Please contact the server administrator at [no address given] to inform
> them of the time this error occurred, and the actions you performed just
> before this error.
> >
> > More information about this error may be available in the server error
> log.
> >
> > Apache/2.4 Server at 10.194.81.88 Port 9830
> > _______________________________________________
> > 389-users mailing list -- 389-users(a)lists.fedoraproject.org
> > To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
> > Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives: https://lists.fedoraproject.org/archives/list/389
> -users(a)lists.fedoraproject.org
> > Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>
> --
> Directory Server Development Team
>
> --
Directory Server Development Team
3 months
Re: can someone point me in the right direction please
by William Brown
> On 30 Aug 2023, at 00:46, Jeffrey Westgate <Jeffrey.Westgate(a)arkansas.gov> wrote:
>
> I've inherited an old ldap config - 389-Directory/1.2.11.15 B2018.129.1448 - and it's on a server where the OS in nearing EOS.
>
> I am leaning on trying to get to RHEL 9, and dnf-installing latest which seems to be 2.2.4-3.el9
>
> My intuition tells me this is not a straight-forward drop the old and install it to the new, based on changes to the db that I'm aware of...
>
> I'm hoping there is a sort of how-to to get from here to there? step-by-step, commands, etc?
>
> thanks for anything useable...
Actually, most of the changes would be in the dse.ldif TBH rather than the DB. But you could try it and see what happens 🤔?
Anyway, the best way to proceed IMO would be db2ldif on the 1.2 server, then ldif2db on the 2.2 server.
Then you need to compare both servers dse.ldif and bring over any plugin configs and indexes that were configured. Mostly that should get you to parity.
Then you can setup new replicas etc.
Hope that helps :)
>
>
>
> –
> Jeff Westgate
> UNIX/Linux Support Team Lead
> Transformation and Shared Services, Division of Information Systems
>
>
> _______________________________________________
> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
> Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
--
Sincerely,
William Brown
Senior Software Engineer,
Identity and Access Management
SUSE Labs, Australia
3 months
can someone point me in the right direction please
by Jeffrey Westgate
I've inherited an old ldap config - 389-Directory/1.2.11.15 B2018.129.1448 - and it's on a server where the OS in nearing EOS.
I am leaning on trying to get to RHEL 9, and dnf-installing latest which seems to be 2.2.4-3.el9
My intuition tells me this is not a straight-forward drop the old and install it to the new, based on changes to the db that I'm aware of...
I'm hoping there is a sort of how-to to get from here to there? step-by-step, commands, etc?
thanks for anything useable...
–
Jeff Westgate
UNIX/Linux Support Team Lead
Transformation and Shared Services, Division of Information Systems
3 months
Re: Internal Server Error
by Mark Reynolds
On 8/25/23 2:20 PM, Omar wrote:
> Hello Mark,
>
> I'm sorry, didn't know that the dsgw was no longer supported. We are
> trying to create an LDAP service with a GUI so that our users can
> change their passwords.
>
> I have installed and configured the following:
>
> * 389-ds-base
> * openldap-clients
> * idm-console-framework
> * 389-adminutil
> * 389-admin
> * 389-admin-console
> * 389-console
> * 389-ds-console
> * 389-dsgw
>
> I have deployed all these on Centos-7 and the versions are:
>
> * 389-console-1.1.19-6
> * 389-ds-base-1.3.11.1-2
> * 389-ds-console-1.2.16-1
> * 389-admin-1.1.46-4
> * 389-admin-console-1.1.12-1
> * 389-ds-base-libs-1.3.11.1-2
> * 389-adminutil-1.1.22-2
> * 389-dsgw-1.1.11-5
>
> Now that I know that the dsgw is no longer supported, what do you
> recommend I use as a GUI for all users?
Users can log into 389-console, but you might need to configure some
settings in adm.conf to make that work with just using the user's RDN of
their DN. Otherwise you need to use the entire DN of the entry to log
in. There might be other config files you need to edit. Sorry it's so
old I don't recall all the details, but I know it's possible.
But, did you look into the admin server error log? I would think dsgw
could still work, but without knowing more about the failure it's hard
to say.
Our wiki has a few docs on it, but not much:
https://www.port389.org/docs/389ds/administration/dsgw.html
https://www.port389.org/docs/389ds/administration/dsgw-install-guide.html
There was an upstream project started by William Brown
(https://pagure.io/389-ds-portal) many years ago, but I don't think it's
been updated in a long time. I'm not sure if it's functional or not.
Our team does not work on this project, but you might want to look into
it. Otherwise you need to develop your own user portal. There is also
Openldap's Apache Directory Studio: https://directory.apache.org/studio/
but I don't think this is exactly what you are looking for.
Regards,
Mark
>
> Thanks for the support.
>
> //Omar
>
> On Thu, Aug 24, 2023 at 8:56 AM Mark Reynolds <mareynol(a)redhat.com> wrote:
>
>
> On 8/23/23 10:08 AM, Omar Pagan wrote:
> > Getting the following error after following all the
> documentation for deploying 389ds and 389dsgw. Please help.
>
> What documentation? dsgw (Directory Server Gateway) hasn't been
> "supported/maintained" in over 10+ years so I am not surprised
> it's not
> working. Also it was only provided to show what an LDAP webapp could
> do. It was never a fully supported product.
>
> Or, are you referring to the old java console? 389-console?
>
> What platform are you trying to run this on? What is the rpm
> version of
> 389-ds-base? 389-admin?
>
> What is in the admin server error log? Not sure where this log is
> anymore(it's been so long since I looked at it), but its probably
> under
> /var/log/dirsrv/admin-serv/ ? Something like that...
>
> HTH,
> Mark
>
>
> >
> > Internal Server Error
> > The server encountered an internal error or misconfiguration and
> was unable to complete your request.
> >
> > Please contact the server administrator at [no address given] to
> inform them of the time this error occurred, and the actions you
> performed just before this error.
> >
> > More information about this error may be available in the server
> error log.
> >
> > Apache/2.4 Server at 10.194.81.88 Port 9830
> > _______________________________________________
> > 389-users mailing list -- 389-users(a)lists.fedoraproject.org
> > To unsubscribe send an email to
> 389-users-leave(a)lists.fedoraproject.org
> > Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines:
> https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
> > Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>
> --
> Directory Server Development Team
>
--
Directory Server Development Team
3 months
Re: Internal Server Error
by Omar Pagan
Hello Mark,
I'm sorry, didn't know that the dsgw was no longer supported. We are trying to create an LDAP service with a GUI so that our users can change their passwords.
I have installed and configured the following:
389-ds-base
openldap-clients
idm-console-framework
389-adminutil
389-admin
389-admin-console
389-console
389-ds-console
389-dsgw
I have deployed all these on Centos-7 and the versions are:
389-console-1.1.19-6
389-ds-base-1.3.11.1-2
389-ds-console-1.2.16-1
389-admin-1.1.46-4
389-admin-console-1.1.12-1
389-ds-base-libs-1.3.11.1-2
389-adminutil-1.1.22-2
389-dsgw-1.1.11-5
Now that I know that the dsgw is no longer supported, what do you recommend I use as a GUI for all users?
Thanks for the support.
//Omar
3 months
Replication question
by tdarby@arizona.edu
I've got two 389 multi-supplier replicated instances that I want to replicate to two new ones just temporarily for migration purposes. Since this is production, it would be ideal if it could be replicating right up to the second I make the new ones live. However, I simplified the configuration on the new one and now I'm wondering if this scheme will still work.
On the old one, I have two replicated DBs, one mapped to ou=b,dc=a,dc=arizona,dc=edu and the other mapped to dc=a,dc=arizona,dc=edu. On the new one, I decided to have just one replicated DB, mapped to dc=arizona, dc=edu. Is it possible to replicate the old ones to the new instance? I'm thinking no, but I had to ask.
3 months
Internal Server Error
by Omar Pagan
Getting the following error after following all the documentation for deploying 389ds and 389dsgw. Please help.
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log.
Apache/2.4 Server at 10.194.81.88 Port 9830
3 months, 1 week
Announcing 389 Directory Server 2.3.7
by Thierry Bordaz
389 Directory Server 2.3.7
The 389 Directory Server team is proud to announce 389-ds-base version 2.3.7
Fedora packages are available on Fedora f38
Fedora 38:
https://koji.fedoraproject.org/koji/taskinfo?taskID=104579000
<https://koji.fedoraproject.org/koji/taskinfo?taskID=104579000>
Bodhi:
https://bodhi.fedoraproject.org/updates/FEDORA-2023-0680e2e886
<https://bodhi.fedoraproject.org/updates/FEDORA-2023-0680e2e886>
The new packages and versions are:
* 389-ds-base-2.3.7-1
Source tarballs are available for download at Download
389-ds-base Source
<https://github.com/389ds/389-ds-base/archive/389-ds-base-2.3.7.tar.gz>
Highlights in 2.3.7
* Alarming messages logged by account policy plugin
* Server may crash at startup
Installation and Upgrade
See Download <https://www.port389.org/docs/389ds/download.html> for
information about setting up your yum repositories.
To install the server use *dnf install 389-ds-base*
To install the Cockpit UI plugin use *dnf install cockpit-389-ds*
After rpm install completes, run *dscreate interactive*
For upgrades, simply install the package. There are no further
steps required.
There are no upgrade steps besides installing the new rpms
See Install_Guide
<https://www.port389.org/docs/389ds/howto/howto-install-389.html> for
more information about the initial installation and setup
See Source <https://www.port389.org/docs/389ds/development/source.html>
for information about source tarballs and SCM (git) access.
Feedback
We are very interested in your feedback!
Please provide feedback and comments to the 389-users mailing list:
https://lists.fedoraproject.org/admin/lists/389-users.lists.fedoraproject...
If you find a bug, or would like to see a new feature, file it in our
GitHub project: https://github.com/389ds/389-ds-base
* bump version to 2.3.7
* Issue 4551 - Part 2 - Fix build warning of previous PR (#5888)
* Issue 5834 - AccountPolicyPlugin erroring for some users (#5866)
* Issue 5872 - part 2 - fix is_dbi regression (#5887)
* Issue 5848 - dsconf should prevent setting the replicaID for hub and
consumer roles (#5849)
* Issue 5870 - ns-slapd crashes at startup if a backend has no
suffix (#5871)
* Issue 5883 - Remove connection mutex contention risk on autobind (#5886)
* Issue 5872 - |dbscan()| in lib389 can return bytes
* Bump version to 2.3.6
* Issue 5729 - Memory leak in factory_create_extension (#5814)
* Issue 5877 - test_basic_ldapagent breaks
test_setup_ds_as_non_root* tests
* Issue 5853 - Update Cargo.lock and fix minor warning (#5854)
* Issue 5867 - lib389 should use filter for tarfile as recommended by
PEP 706 (#5868)
* Issue 5864 - Server fails to start after reboot because it’s unable
to access nsslapd-rundir
* Issue 5856 - SyntaxWarning: invalid escape sequence
* Issue 5859 - dbscan fails with AttributeError: ‘list’ object has no
attribute ‘extends’
* Issue 4551 - Paged search impacts performance (#5838)
* Issue 4169 - UI - Fix retrochangelog and schema Typeaheads (#5837)
* issue 5833 - dsconf monitor backend fails on lmdb (#5835)
* Issue 3555 - UI - Fix audit issue with npm - stylelint (#5836)
* Bump version to 2.3.5
* Issue 5752 - RFE - Provide a history for LastLoginTime (#5807)
* Issue 5793 - UI - fix suffix selection in export modal
* Issue 5793 - UI - Fix minor crashes (#5827)
* Issue 5825 - healthcheck - password storage scheme warning needs
more info
* Issue 5822 - Allow empty export path for db2ldif
* Issue 5755 - Massive memory leaking on update operations (#5824)
* Issue 5551 - Almost empty and not loaded ns-slapd high cpu load
* Issue 5156 - RFE that implement slapi_memberof (#5694)
* Issue 5722 - RFE When a filter contains ‘nsrole’, improve response
time by rewriting the filter (#5723)
* Issue 5755 - The Massive memory leaking on update operations (#5803)
* Issue 5752 - CI - Add more tests for lastLoginHistorySize RFE (#5802)
* Issue 2375 - CLI - Healthcheck - revise and add new checks
* Issue 5793 - UI - move from webpack to esbuild bundler
* Issue 5781 - Bug handling return code of pre-extended operation plugin.
* Issue 5785 - move bash completion to post section of specfile
* Issue 5646 - Various memory leaks (#5725)
* Issue 5789 - Improve ds-replcheck error handling
* Issue 5786 - CLI - registers tools for bash completion
* Issue 5778 - UI - Remove error message if .dsrc is missing
* Issue 4758 - Add tests for WebUI
* Issue 5751 - Cleanallruv task crashes on consumer (#5775)
* Issue 5743 - Disabling replica crashes the server (#5746)
3 months, 3 weeks
Announcing 389 Directory Server 2.2.9
by Mark Reynolds
389 Directory Server 2.2.9
The 389 Directory Server team is proud to announce 389-ds-base version 2.2.9
Fedora packages are available on Fedora 37
https://koji.fedoraproject.org/koji/taskinfo?taskID=104325801
<https://koji.fedoraproject.org/koji/taskinfo?taskID=104325801>
https://bodhi.fedoraproject.org/updates/FEDORA-2023-0594ef094f
<https://bodhi.fedoraproject.org/updates/FEDORA-2023-0594ef094f>- Bohdi
The new packages and versions are:
* 389-ds-base-2.2.9-1
Source tarballs are available for download atDownload 389-ds-base Source
<https://github.com/389ds/389-ds-base/archive/389-ds-base-2.2.9.tar.gz>
Highlights in 2.2.9
* Memory leak fixes
* Paged Result Search&Managed Role performance improvements
* Enhancement - Provide a history for LastLoginTime
Installation and Upgrade
SeeDownload <https://www.port389.org/docs/389ds/download.html>for
information about setting up your yum repositories.
To install the server use*dnf install 389-ds-base*
To install the CockpitUIplugin use*dnf install cockpit-389-ds*
After rpm install completes, run*dscreate interactive*
For upgrades, simply install the package. There are no further
steps required.
There are no upgrade steps besides installing the new rpms
SeeInstall_Guide
<https://www.port389.org/docs/389ds/howto/howto-install-389.html>for
more information about the initial installation and setup
SeeSource
<https://www.port389.org/docs/389ds/development/source.html>for
information about source tarballs andSCM(git) access.
Feedback
We are very interested in your feedback!
Please provide feedback and comments to the 389-users mailing
list:https://lists.fedoraproject.org/admin/lists/389-users.lists.fedorapr...
If you find a bug, or would like to see a new feature, file it in our
GitHub project:https://github.com/389ds/389-ds-base
* Bump version to 2.2.9
* Issue 5729 - Memory leak in factory_create_extension (#5814)
* Issue 5877 - test_basic_ldapagent breaks
test_setup_ds_as_non_root* tests
* Issue 5853 - Update Cargo.lock and fix minor warning (#5854)
* Issue 5867 - lib389 should use filter for tarfile as recommended
byPEP706 (#5868)
* Issue 5864 - Server fails to start after reboot because it’s unable
to access nsslapd-rundir
* Issue 5856 - SyntaxWarning: invalid escape sequence
* Issue 5859 - dbscan fails with AttributeError: ‘list’ object has no
attribute ‘extends’
* Issue 4551 - Paged search impacts performance (#5838)
* Issue 4169 -UI- Fix retrochangelog and schema Typeaheads (#5837)
* issue 5833 - dsconf monitor backend fails on lmdb (#5835)
* Issue 3555 -UI- Fix audit issue with npm - semver and word-wrap
* Issue 5752 -RFE- Provide a history for LastLoginTime (#5807)
* Issue 5793 -UI- fix suffix selection in export modal
* Issue 5825 - healthcheck - password storage scheme warning needs
more info
* Issue 5822 - Allow empty export path for db2ldif
* Issue 5755 - Massive memory leaking on update operations (#5824)
* Issue 5551 - Almost empty and not loaded ns-slapd high cpu load
* Issue 5722 -RFEWhen a filter contains ‘nsrole’, improve response
time by rewriting the filter (#5723)
* Issue 5755 - The Massive memory leaking on update operations (#5803)
* Issue 5752 -CI- Add more tests for lastLoginHistorySizeRFE (#5802)
* Issue 2375 -CLI- Healthcheck - revise and add new checks
* Issue 5781 - Bug handling return code of pre-extended operation plugin.
* Issue 5646 - Various memory leaks (#5725)
* Issue 5789 - Improve ds-replcheck error handling
* Issue 5642 - Build fails against setuptools 67.0.0
* Issue 5778 -UI- Remove error message if .dsrc is missing
* Issue 5751 - Cleanallruv task crashes on consumer (#5775)
*
Issue 5743 - Disabling replica crashes the server (#5746)
* Bump version to 2.2.8
* Issue 5752 -RFE- Provide a history for LastLoginTime (#5753)
* Issue 5770 -RFE- Extend Password Adminstrators to allow skipping
password info updates
* Issue 5768 -CLI/UI- cert checks are too strict, and other issues
* Issue 5765 - Improve installer selinux handling
* Issue 5643 - Memory leak in entryrdn during delete (#5717)
* Issue 152 -RFE- Add support forLDAPalias entries
* Issue 5052 -BUG- Custom filters prevented entry deletion (#5060)
* Issue 5704 - crash in sync_refresh_initial_content (#5720)
* Issue 5738 -RFE-UI- Read/write replication monitor info to .dsrc file
* Issue 5749 -RFE- Allow Account Policy Plugin to handle inactivity
and expiration at the same time
--
Directory Server Development Team
3 months, 3 weeks
