Issue #113: PTR record synchronization can deadlock if connection count <= 2 (only plugin versions < 3.0) - bind-dyndb-ldap

bind-dyndb-ldap

#113 PTR record synchronization can deadlock if connection count <= 2 (only plugin versions < 3.0)

Closed: Fixed None Opened 11 years ago by pspacek.

PTR record synchronization doesn't work in certain scenarios.

Steps to reproduce
1. Configure IPA in Fedora 18.
2. Enable DNS dynamic updates for forward and reverse zone.
3. Enable PTR record synchronization for forward zone.
4. Install IPA client with ipa-client-install --domain=testrelm.com --realm=TESTRELM.COM -p admin -w Secret123 --unattended --server=f18-ipa-master.testrelm.com --enable-dns-updates

Symptoms

DNS update will fail

Failed to update DNS records.

/var/named/data/named.run

timeout in ldap_pool_getconnection(): try to raise 'connections' parameter; potential deadlock?
Can not synchronize PTR record, ldapdb_rdatalist_get = 2
update_record (psearch) failed, dn 'idnsname=173,idnsname=201.65.10.in-addr.arpa.,cn=dns,dc=testrelm,dc=com' change type 0x4. Records can be outdated, run `rndc reload`: not found

Investigation

/etc/named.conf

dynamic-db "ipa" {
        library "ldap.so";
        arg "uri ldapi://%2fvar%2frun%2fslapd-TESTRELM-COM.socket";
        arg "base cn=dns, dc=testrelm,dc=com";
        arg "fake_mname f18-ipa-master.testrelm.com.";
        arg "auth_method sasl";
        arg "sasl_mech GSSAPI";
        arg "sasl_user DNS/f18-ipa-master.testrelm.com";
        arg "zone_refresh 0";
        arg "psearch yes";
        arg "serial_autoincrement yes";
};

Connection count has to be <= 2 to reproduce the problem.
One connection is reserved purely for persistent search, i.e. one connection is not enough for sync_ptr.