IPA named-dyndb-ldap may lose LDAP connection when LDAP server is under high load

Solution Unverified - Updated -

Issue

  • The service IPA / IdM services using named-dyndb-ldap may loose LDAP connection when the remote LDAP server is under temporary spike or high load.
    For example, a bulk add of users and groups using an IPA command such as
ipa group-add-member --users="$someusers" $somegroup"

Can generate a spike CPU and disk I/O load on all LDAP servers used in IPA replication.
Depending on the scenario and environment, the load can be high enough to slow down the LDAP service excessively, which can result in other outages such as the DNS service.

Environment

  • Red Hat Enterprise Linux 6.2
  • ipa-server 2.1.3-9
  • 389-ds-base-1.2.9.14-1

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content