Hi,
I have a OpenBSD sftp server which has login_ldap, ypldap and ypbind configured so that it feeds the user info from the OpenLDAP database. This configuration works fine when it is with OpenBSD 6.1/OpenLDAP 2.4.44. However when I update server to OpenBSD 6.2/OpenLDAP 2.4.45 I face the following issue with ypldap. It never close the established connections to ldap and just keeps adding new ones every time when it reads ldap info. So eventually there is hundreds of ldap connections, ypldap uses all cpu and the server is not unstable anymore. How soon it happens depends of the ldap read interval value specified in ypldap.conf file. As a reference I have included package info from both 6.2 and 6.1 setups below. Please let me know if more information needed. Many Thanks, Helmut Kiessling OpenBSD 6.2 package info: apr-1.6.2 Apache Portable Runtime apr-util-1.6.0-ldap companion library to APR bash-4.4.12p0 GNU Bourne Again Shell collectd-5.7.2p1 system metrics collection engine curl-7.55.1 get files from FTP, Gopher, HTTP or HTTPS servers cyrus-sasl-2.1.26p24 RFC 2222 SASL (Simple Authentication and Security Layer) db-4.6.21p5v0 Berkeley DB package, revision 4 e2fsprogs-1.42.12p4 utilities to manipulate ext2 filesystems gettext-0.19.8.1p1 GNU gettext runtime libraries and programs icu4c-58.2p5 International Components for Unicode libgcrypt-1.8.1 crypto library based on code used in GnuPG libgpg-error-1.27p0 error codes for GnuPG related software libiconv-1.14p3 character set conversion library libidn2-2.0.0 implementation of IDNA2008 internationalized domain names libltdl-2.4.2p1 GNU libtool system independent dlopen wrapper liboping-1.9.0p1 library and tools to generate ICMP echo requests libpsl-0.17.0 public suffix list library libstatgrab-0.91p1 system statistics gathering library libunistring-0.9.7 manipulate Unicode strings libxml-2.9.4p0 XML parsing library libyajl-2.1.0 small JSON library written in ANSI C login_ldap-3.51p8 provide ldap authentication type lzo-1.08p3 portable speedy lossless data compression library lzo2-2.10 portable speedy lossless data compression library nano-2.8.7 Pico editor clone with enhancements nghttp2-1.26.0 library for HTTP/2 openldap-client-2.4.45p4 open-source LDAP software (client) openldap-server-2.4.45p4 open-source LDAP software (server) pcre-8.40p1 perl-compatible regular expression library quirks-2.367 exceptions to pkg_add rules rsync-3.1.2p0 mirroring/synchronization over low bandwidth links screen-4.0.3p6 multi-screen window manager wget-1.19.1 retrieve files from the web via HTTP, HTTPS and FTP xz-5.2.3 LZMA compression and decompression tools OpenBSD 6.1 package info: apr-1.5.2 Apache Portable Runtime apr-util-1.5.4p1-ldap companion library to APR bash-4.4.12 GNU Bourne Again Shell collectd-5.6.2p2 system metrics collection engine curl-7.53.1 get files from FTP, Gopher, HTTP or HTTPS servers cyrus-sasl-2.1.26p21 RFC 2222 SASL (Simple Authentication and Security Layer) db-4.6.21p3v0 Berkeley DB package, revision 4 e2fsprogs-1.42.12p4 utilities to manipulate ext2 filesystems gettext-0.19.8.1 GNU gettext runtime libraries and programs icu4c-58.2p0 International Components for Unicode libgcrypt-1.7.6 crypto library based on code used in GnuPG libgpg-error-1.27 error codes for GnuPG related software libiconv-1.14p3 character set conversion library libidn2-0.16 implementation of IDNA2008 internationalized domain names libltdl-2.4.2p1 GNU libtool system independent dlopen wrapper liboping-1.9.0p0 library and tools to generate ICMP echo requests libpsl-0.17.0 public suffix list library libstatgrab-0.91p1 system statistics gathering library libunistring-0.9.7 manipulate Unicode strings libxml-2.9.4p0 XML parsing library libyajl-2.1.0 small JSON library written in ANSI C login_ldap-3.51p8 provide ldap authentication type lzo-1.08p3 portable speedy lossless data compression library lzo2-2.10 portable speedy lossless data compression library nano-2.7.5 Pico editor clone with enhancements nghttp2-1.21.0 library for HTTP/2 openldap-client-2.4.44p3 open-source LDAP software (client) openldap-server-2.4.44p3 open-source LDAP software (server) pcre-8.38p0 perl-compatible regular expression library quirks-2.304 exceptions to pkg_add rules rsync-3.1.2p0 mirroring/synchronization over low bandwidth links screen-4.0.3p6 multi-screen window manager wget-1.19.1 retrieve files from the web via HTTP, HTTPS and FTP xz-5.2.3 LZMA compression and decompression tools
