[Pkg-openldap-devel] Bug#731795: failures under load with slapd in wheezy

John Jasen jjasen at gmail.com
Mon Dec 9 20:35:24 UTC 2013


Package: slapd
Version:  2.4.31-1+nmu2

Placing the slapd server under load, at somewhere between 512 and 1024
simultaneous connections (using TLS, may be higher unencrypted), you
will end up see variations of:

"ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)"

Under simple tests, I've seen these occur for anywhere between 5 and 50%
of the connection attempts.

I have been able to replicate this on systems ranging from a VM with
256M of ram to an 8GB physical server to a 24GB 12 CPU system (2
physical, 6 cores each), and it all fails in the same range of connections.

Recommendation:

Upgrade to slapd-2.4.38 in jessie and wheezy-backports.

According to the openldap changelogs
(http://www.openldap.org/software/release/changes.html), the following
fix was included in openldap 2.4.32:

"Fixed slapd-bdb/hdb cache hang under high load (ITS#7222)"

I downloaded and compiled openldap 2.4.38 on a 256MB VM system, using
the same configuration options Debian uses. Under current tests, it has
survived over 16k connections without any errors. This is a factor of
4, and still going.



More information about the Pkg-openldap-devel mailing list