ns-slapd oomkilled when using ipa migrate-ds to migrate from openldap to Identity Management
Issue
-
While using ipa migrate-ds to migrate from OpenLDAP to IPA, the ns-slapd process grows to fill all physical RAM, and is eventually oomkilled.
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 3776 dirsrv 20 0 5043m 3.9g 17m S 90.0 25.1 180:10.20 ns-slapd 2011-12-28T06:30:04.235508-06:00 authtest kernel: Out of memory: Kill process 3776 (ns-slapd) score 960 or sacrifice child 2011-12-28T06:30:04.235511-06:00 authtest kernel: Killed process 3776, UID 201, (ns-slapd) total-vm:22793688kB, anon-rss:15676664kB, file-rss:1720kB
-
Errors from the end of the ipa migrate-ds debug log:
ipa: DEBUG: handshake complete, peer = 10.0.0.76:443 ipa: DEBUG: Caught fault 4203 from server https://authtest.example.com/ipa/xml: Can't contact LDAP server: ipa: DEBUG: Destroyed connection context.xmlclient ipa: ERROR: Can't contact LDAP server:
-
Verified via tcpdump that LDAP queries to source LDAP server are returning quickly, ruling out the source server as a cause.
Environment
- Red Hat Enterprise Linux 6.2
- Identity Management
- openldap-servers-2.3.43-12
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.