diff options
author | Thierry Bordaz <tbordaz@redhat.com> | 2016-03-17 12:09:42 +0100 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-03-18 13:25:08 +0100 |
commit | e1bbd90360b98910540b7390b312b6405d0da102 (patch) | |
tree | 5cc4c23e52672612d740d350fd2cf87a00f02f12 /install/updates | |
parent | c6371abeb353c9e82b4c27899f98cae2c3b7cf88 (diff) | |
download | freeipa-e1bbd90360b98910540b7390b312b6405d0da102.tar.gz freeipa-e1bbd90360b98910540b7390b312b6405d0da102.tar.xz freeipa-e1bbd90360b98910540b7390b312b6405d0da102.zip |
DS deadlock when memberof scopes topology plugin updates
Topology plugin may merge (aka DEL) segments that would trigger
internal search for groups owning that segment. The problem
is that it is searching those groups into the full suffix and
so need the schema compat map lock.
If any other operation holding schema compat map lock need to
access the page involved in the DEL, there is a deadlock.
This fix is to prevent useless group searching if the target entry
is a segment or is in compat tree.
https://fedorahosted.org/freeipa/ticket/5637
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'install/updates')
-rw-r--r-- | install/updates/20-syncrepl.update | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/install/updates/20-syncrepl.update b/install/updates/20-syncrepl.update index 8b02133f5..faa13f645 100644 --- a/install/updates/20-syncrepl.update +++ b/install/updates/20-syncrepl.update @@ -11,7 +11,9 @@ add:nsslapd-exclude-suffix: o=ipaca # indices for cn=changelog. dn: cn=MemberOf Plugin,cn=plugins,cn=config add:memberofentryscope: $SUFFIX +add:memberofentryscopeexcludesubtree: cn=compat,$SUFFIX add:memberofentryscopeexcludesubtree: cn=provisioning,$SUFFIX +add:memberofentryscopeexcludesubtree: cn=topology,cn=ipa,cn=etc,$SUFFIX dn: cn=referential integrity postoperation,cn=plugins,cn=config add:nsslapd-plugincontainerscope: $SUFFIX |