Issue #113: PTR record synchronization can deadlock if connection count <= 2 (only plugin versions < 3.0) - bind-dyndb-ldap

bind-dyndb-ldap

#113 PTR record synchronization can deadlock if connection count <= 2 (only plugin versions < 3.0)

Closed: Fixed Opened Mar 25, 2013 by pspacek.

PTR record synchronization doesn't work in certain scenarios.

Steps to reproduce
1. Configure IPA in Fedora 18.
2. Enable DNS dynamic updates for forward and reverse zone.
3. Enable PTR record synchronization for forward zone.
4. Install IPA client with ipa-client-install --domain=testrelm.com --realm=TESTRELM.COM -p admin -w Secret123 --unattended --server=f18-ipa-master.testrelm.com --enable-dns-updates

Symptoms

DNS update will fail

Failed to update DNS records.

/var/named/data/named.run

timeout in ldap_pool_getconnection(): try to raise 'connections' parameter; potential deadlock?
Can not synchronize PTR record, ldapdb_rdatalist_get = 2
update_record (psearch) failed, dn 'idnsname=173,idnsname=201.65.10.in-addr.arpa.,cn=dns,dc=testrelm,dc=com' change type 0x4. Records can be outdated, run `rndc reload`: not found

Investigation

/etc/named.conf

dynamic-db "ipa" {
        library "ldap.so";
        arg "uri ldapi://%2fvar%2frun%2fslapd-TESTRELM-COM.socket";
        arg "base cn=dns, dc=testrelm,dc=com";
        arg "fake_mname f18-ipa-master.testrelm.com.";
        arg "auth_method sasl";
        arg "sasl_mech GSSAPI";
        arg "sasl_user DNS/f18-ipa-master.testrelm.com";
        arg "zone_refresh 0";
        arg "psearch yes";
        arg "serial_autoincrement yes";
};

Connection count has to be <= 2 to reproduce the problem.
One connection is reserved purely for persistent search, i.e. one connection is not enough for sync_ptr.

pspacek commented Mar 25, 2013

Fixed in master branch by: 7b8ebb8cf459991d20297913b9abb756981201bb (fixed during settings refactoring).

V2 branch needs a bit different approach.

pspacek commented Apr 3, 2013

This problem is not present in plugin versions >= 3.0. Fix is deferred until somebody requests it explicitly.

==== Workaround ====
Configure connection count to value >= 3 or disable PTR record synchronization.

dpal commented Sep 20, 2013

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1010396

pspacek commented Sep 26, 2013

We decided to 'hide' the problem by enforcing minimal connections value = 4.

pspacek commented Oct 2, 2013

Fixed by 3ab4665b942ff2157314259260f3b58264874acb

Metadata Update from @pspacek:
- Issue assigned to pspacek
- Issue set to the milestone: The Deferred

Feb 13, 2017

Metadata

Assignee

pspacek

Tags

None

Blocking

None

Depending on

None

Priority

Normal

type

defect

component

ldap driver

version

2.5

keywords

syncptr, deadlock

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1010396

fixedin

None

fixedby

3ab4665b942ff2157314259260f3b58264874acb

bind-dyndb-ldap

#113 PTR record synchronization can deadlock if connection count <= 2 (only plugin versions < 3.0) Closed: Fixed Opened Mar 25, 2013 by pspacek.

Metadata

#113 PTR record synchronization can deadlock if connection count <= 2 (only plugin versions < 3.0)

Closed: Fixed Opened Mar 25, 2013 by pspacek.