ns-slapd oomkilled when using ipa migrate-ds to migrate from openldap to Identity Management

Solution Verified - Updated -

Issue

  • While using ipa migrate-ds to migrate from OpenLDAP to IPA, the ns-slapd process grows to fill all physical RAM, and is eventually oomkilled.

    PID  USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+     COMMAND
3776 dirsrv    20   0 5043m 3.9g  17m S 90.0 25.1    180:10.20 ns-slapd

2011-12-28T06:30:04.235508-06:00 authtest kernel: Out of memory: 
Kill process 3776 (ns-slapd) score 960 or sacrifice child

2011-12-28T06:30:04.235511-06:00
 authtest kernel: Killed process 3776, UID 201, (ns-slapd) 
total-vm:22793688kB, anon-rss:15676664kB, file-rss:1720kB

  • Errors from the end of the ipa migrate-ds debug log:

    ipa: DEBUG: handshake complete, peer = 10.0.0.76:443
ipa: DEBUG: Caught fault 4203 from server https://authtest.example.com/ipa/xml: Can't contact LDAP server:
ipa: DEBUG: Destroyed connection context.xmlclient
ipa: ERROR: Can't contact LDAP server:

  • Verified via tcpdump that LDAP queries to source LDAP server are returning quickly, ruling out the source server as a cause.

Environment

  • Red Hat Enterprise Linux 6.2
  • Identity Management
  • openldap-servers-2.3.43-12

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content