IPA unresponsive and high cpu usage of the ns-slapd process

Solution Unverified - Updated -

Issue

  • One of our IPA replica's is behaving oddly. 389ds is suspected.
  • The replica is serving at most 60 systems
  • ipactl commands take very long time
  • ipactl restart sometimes fails
  • high cpu usage by ns-slapd process
  • high io utilisation (queue > 1) on the disk containing both the logging and the database files
  • clients using this IPA server get odd results (does not know users anymore)
  • kerberos not responsive (kinit takes a long time)
  • kerberos however is responsive when SSS is configured to use a different replica but /etc/krb5.conf is using the 'odd' one
  • DNS is working properly but probably using cache

Environment

  • Red Hat Enterprise Linux (RHEL) 7.1
  • 389-ds-base-1.3.3.1-20.el7_1.x86_64

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content