Regression 1.3.10->2.3.7: Unusable memberOf + mangedEntries plugin combination (almost deadlock)

[gudtanha]

Hello,

we've been using 1.3.10 with the memberOf plugin configured to track only one attribute (uniqueMember) together with the managedEntries Plugin for several years in a single-master replication environment. This constellation doesn't work anymore with 2.3.7. The setup is identical: A LSC instance does the LDAP DIT provisioning backed by a Oracle DBMS based IDM. As soon as LSC starts to push group entries, 2.3.7 has one 100% thread blocking the complete server for about 10 minutes. But it's not a infinite deadlock... The machine recovers reliably - but is unusable of course (deployment takes 4 hours instad of 20 minutes). All I could track down yet is that the combination of the managedEntries & memberOF plugins triggers the issue - if I disable one, things work like with 1.3.10. Unfortunately I have no idea what changed when and why - and not the best skills to help debugging, especially not the requred time to dig into deep :-( Any hints where to start isolating the root cause highly appreciated!

[Firstyear]

@tbordaz Could there be a circular dependency here between MO and MEP?

@gudtanha Does your managed entries plugin have and filters that depend on memberOf or uniqueMember attributes? That would introduce an infinite loop that needs to resolve.