[Pkg-openldap-devel] Bug#725091: slapd with memory leak in active sync
Thomas Sesselmann
thomas.sesselmann at uni-jena.de
Tue Oct 1 11:10:18 UTC 2013
Package: slapd
Version: 2.4.31-1+nmu2
Severity: serious
Hello,
we are using Debian 7.1 on amd64.
We installed a multimaster replication setup.
When we modify some attributes and group memberships, the memory
use of slapd on the 'master' increases extremely (>10G) until it runs out of memory.
This occurs only if the two servers are in sync.
If we disable the connection (i.e. with iptables) between the servers,
the memory usage does not grow.
We use the online config. The corresponding slapd.conf is attached.
best regards
Thomas Sesselmann
--
Thomas Sesselmann, Dipl.-Inf.
Friedrich-Schiller-Universität Jena
Rechenzentrum
Am Johannisfriedhof 2
D-07743 Jena
Tel.: 03641/9-40530
Fax.: 03641/9-40630
-------------- next part --------------
# Global section of the slapd.conf attached to the bug report.
# NOTE(review): this listing shows every line at column 0. slapd.conf(5) treats
# a line as a continuation only when it begins with whitespace, so the argument
# lines of the multi-line directives (authz-regexp, access, syncrepl, limits)
# need their leading whitespace restored before the file is reused.

# Schema definitions. fsu.schema is presumably site-local — confirm.
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/dyngroup.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/sendmail.schema
include /etc/ldap/schema/kerberos.schema
include /etc/ldap/schema/fsu.schema
include /etc/ldap/schema/eduperson.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# Dynamically loaded overlays and backends.
# NOTE(review): constraint, dds and ppolicy are loaded here, but no matching
# `overlay` directive appears in the sections shown (the end of the file is
# elided). Loading only the modules in use keeps the attack surface small and
# narrows the candidates when triaging the reported memory growth.
modulepath /usr/lib/ldap
moduleload accesslog.la
moduleload constraint.la
moduleload dds.la
moduleload dynlist.la
moduleload memberof.la
moduleload ppolicy.la
moduleload refint.la
moduleload syncprov.la
moduleload unique.la
moduleload back_hdb
moduleload back_monitor
backend hdb
backend monitor
# Server certificate, private key and the CAs trusted for verifying peers.
# NOTE(review): the authz-regexp below grants the replicator identity purely on
# a certificate subject DN, so every CA trusted through TLSCACertificateFile or
# TLSCACertificatePath can vouch for that identity; keep this trust store
# minimal. The key file should be readable by the slapd account only
# (file permissions are not visible here).
TLSCACertificateFile /etc/ldap/certs/chain.pem
TLSCACertificatePath /etc/ldap/certs
TLSCertificateFile /etc/ldap/certs/ldap.pem
TLSCertificateKeyFile /etc/ldap/certs/ldap.key
# `allow` requests a client certificate but, per slapd.conf(5), lets the
# session proceed when none is sent or when the one sent fails verification
# (the bad certificate is ignored). Client certificates are therefore not
# enforced at the TLS layer; they only matter for SASL EXTERNAL binds.
# `try` and `demand` are the stricter settings.
TLSVerifyClient allow
## Server IDs/URLs for multi-master replication (MMR) ###
# Both URLs use the ldap:// scheme; transport protection for replication
# depends on the starttls= parameter of the syncrepl stanzas further down.
ServerID 1 "ldap://ldap1.rz.uni-jena.de"
ServerID 2 "ldap://ldap2.rz.uni-jena.de"
## Match replicator: map the certificate subject DN presented in a
## SASL EXTERNAL bind to the replicator entry.
# NOTE(review): the first argument is a regular expression and is not anchored
# with ^ and $; anchoring it would limit the mapping to exactly this subject
# DN. Confirm how slapd normalizes the certificate DN before matching.
authz-regexp
"CN=ldap\.uni-jena\.de,O=Universitaet Jena,L=Jena,ST=Thueringen,C=DE"
"uid=replicator,ou=local,dc=uni-jena,dc=de"
## General queries (base DN)?
# The entry with the empty DN (root DSE) is readable by everyone, including
# anonymous clients.
access to dn.base=""
by * read
## Schema queries?
# The subschema entry is likewise readable by everyone.
access to dn.base="cn=Subschema"
by * read
#######################################################################
# enable on-the-fly configuration (cn=config)
database config
### syncrepl directives for MMR of the online config (olc) ###
# Two consumer stanzas, one per server listed in ServerID, replicate cn=config
# in refreshAndPersist mode; retry="5 +" retries every 5 seconds without limit.
# NOTE(review): per slapd.conf(5), `starttls=yes` attempts StartTLS but carries
# on without TLS if the request fails, whereas `starttls=critical` aborts the
# session. A SASL EXTERNAL bind presumably cannot succeed without the TLS
# client certificate, but `critical` makes the fail-closed behaviour explicit.
# NOTE(review): no tls_cacert/tls_reqcert parameters are given, so provider
# certificate checking relies on defaults — confirm them for this version.
# The filter is an OR of two negations: it excludes only entries that have
# both olcDatabase={0}config and olcReadOnly=TRUE.
syncrepl rid=003
provider="ldap://ldap1.rz.uni-jena.de"
searchbase="cn=config"
type=refreshAndPersist
retry="5 +"
bindmethod=sasl
saslmech=EXTERNAL
starttls=yes
filter="(|(!(olcDatabase={0}config))(!(olcReadOnly=TRUE)))"
syncrepl rid=004
provider="ldap://ldap2.rz.uni-jena.de"
searchbase="cn=config"
type=refreshAndPersist
retry="5 +"
bindmethod=sasl
saslmech=EXTERNAL
starttls=yes
filter="(|(!(olcDatabase={0}config))(!(olcReadOnly=TRUE)))"
# This database is also a provider (syncprov), and MirrorMode lets it accept
# writes while being a syncrepl consumer.
overlay syncprov
MirrorMode On
# ACL for cn=config: the replicator may read, local root (peercred identity,
# i.e. SASL EXTERNAL over ldapi://) and ldapadmin may manage, all others get
# nothing.
# NOTE(review): read on all of cn=config covers password hashes such as the
# rootpw value and any credentials stored in the configuration, so the private
# key behind the replicator certificate guards those as well.
access to *
by dn.exact="uid=replicator,ou=local,dc=uni-jena,dc=de" read
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
by dn.exact="cn=ldapadmin,ou=local,dc=uni-jena,dc=de" manage
by * none
#######################################################################
# enable server status monitoring (cn=monitor)
database monitor
# Monitoring data is readable only by local root (peercred identity) and
# ldapadmin; every other identity, including anonymous, is denied.
# cn=monitor is a natural place to watch connection and operation counters
# while reproducing the reported memory growth.
access to *
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
by dn.exact="cn=ldapadmin,ou=local,dc=uni-jena,dc=de" read
by * none
#######################################################################
# enable server access logging (cn=logs)
# Backing store for the accesslog overlay configured on the main database
# (`logdb cn=logs` there).
database hdb
suffix "cn=logs"
# checkpoint <kbyte> <min>: checkpoint after 1024 KB written or 15 minutes.
checkpoint 1024 15
# Same rootdn as the main database; no rootpw is set in this section.
rootdn "cn=ldapadmin,ou=local,dc=uni-jena,dc=de"
directory /var/lib/ldap/logs
index reqStart,reqEnd,reqMod,reqResult eq
index entryUUID eq
# Log entries for write operations carry the modified values (reqMod), which
# can include password hashes, so read access is limited to local root and
# ldapadmin and denied to everyone else.
# No syncprov overlay or syncrepl stanza is configured for cn=logs in the
# lines shown, so the log database appears to be local to each server.
access to *
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
by dn.exact="cn=ldapadmin,ou=local,dc=uni-jena,dc=de" read
by * none
#######################################################################
# database definitions
#######################################################################
# Main directory database. The report describes unbounded slapd memory growth
# when attributes and group memberships are modified while both servers
# replicate; the page does not establish which component below is responsible.
database hdb
suffix "dc=uni-jena,dc=de"
# checkpoint <kbyte> <min>: checkpoint after 1024 KB written or 15 minutes.
checkpoint 1024 15
# The rootdn is not subject to the ACLs of this database. The password hash
# was redacted by the reporter ({SSHA}xxx) before posting.
rootdn "cn=ldapadmin,ou=local,dc=uni-jena,dc=de"
rootpw {SSHA}xxx
directory /var/lib/ldap/data
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index entryUUID eq
## Accesslog
# Records write operations and session operations into cn=logs.
# logpurge <age> <interval>: entries older than 30 days are removed, with the
# purge check running once a day.
overlay accesslog
logdb cn=logs
logops writes session
logpurge 30+00:00 1+00:00
## Referential integrity
# NOTE(review): refint and memberof both perform additional internal updates
# when group membership changes, which is the kind of change the report ties
# the memory growth to — worth isolating when reproducing.
overlay refint
refint_attributes member owner memberOf
refint_nothing cn=ldapadmin,ou=local,dc=uni-jena,dc=de
## Unique attributes
# Each listed attribute must be unique across the whole subtree.
overlay unique
unique_uri ldap:///dc=uni-jena,dc=de?uid?sub
unique_uri ldap:///dc=uni-jena,dc=de?mail?sub
unique_uri ldap:///dc=uni-jena,dc=de?uidNumber?sub
unique_uri ldap:///dc=uni-jena,dc=de?cn?sub
unique_uri ldap:///dc=uni-jena,dc=de?krbPrincipalName?sub
unique_uri ldap:///dc=uni-jena,dc=de?mailLocalAddress?sub
## Dynlist
overlay dynlist
dynlist-attrset groupOfURLs memberURL member
## MemberOf
overlay memberof
### syncrepl directives for MMR (the original comment mentions the olc, but
### these stanzas replicate dc=uni-jena,dc=de) ###
# NOTE(review): per slapd.conf(5), `starttls=yes` continues without TLS when
# the StartTLS request fails, while `starttls=critical` aborts the session; the
# provider URLs are plain ldap://, so StartTLS is the only transport protection
# for replicated data, which includes password hashes.
# Neither stanza sets syncdata=, so plain syncrepl is used rather than
# delta-syncrepl driven by the accesslog.
syncrepl rid=001
provider="ldap://ldap1.rz.uni-jena.de"
searchbase="dc=uni-jena,dc=de"
type=refreshAndPersist
retry="5 +"
bindmethod=sasl
saslmech=EXTERNAL
starttls=yes
syncrepl rid=002
provider="ldap://ldap2.rz.uni-jena.de"
searchbase="dc=uni-jena,dc=de"
type=refreshAndPersist
retry="5 +"
bindmethod=sasl
saslmech=EXTERNAL
starttls=yes
# Provider side of the replication; MirrorMode lets this consumer accept writes.
overlay syncprov
MirrorMode On
# The replicator identity is exempt from size and time limits, so one search
# under that identity can return the whole database.
limits dn.exact="uid=replicator,ou=local,dc=uni-jena,dc=de"
size=unlimited time=unlimited
## Admin Access
# The replicator gets read on every entry and attribute, secrets included;
# read is the access a syncrepl consumer needs on the provider.
# `by * none break` grants nothing here but lets evaluation continue with the
# ACLs that follow, so all other identities are decided by the elided rules.
access to *
by dn.exact="uid=replicator,ou=local,dc=uni-jena,dc=de" read
by * none break
## other ACLs
# ... (remaining ACLs are not included in the posted file)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4829 bytes
Desc: S/MIME Kryptografische Unterschrift
URL: <http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/attachments/20131001/0dcccaa0/attachment.bin>