On 2018/03/21 10:11, Helmut Kiessling BT wrote: > > I have a OpenBSD sftp server which has login_ldap, ypldap and ypbind > configured so that it feeds the user info from the OpenLDAP database. This > configuration works fine when it is with OpenBSD 6.1/OpenLDAP 2.4.44. > However when I update server to OpenBSD 6.2/OpenLDAP 2.4.45 I face the > following issue with ypldap. It never close the established connections to > ldap and just keeps adding new ones every time when it reads ldap info. So > eventually there is hundreds of ldap connections, ypldap uses all cpu and > the server is not unstable anymore. How soon it happens depends of the ldap > read interval value specified in ypldap.conf file. As a reference I have > included package info from both 6.2 and 6.1 setups below. Please let me know > if more information needed.
A filedescriptor leak in ypldap was fixed after 6.2. If you have a CVS checkout of the 6.2 source tree, you could try updating just /usr/src/usr.sbin/ypldap to -current (change to the directory, cvs up -PdA) then rebuilding (make obj; make; doas make install).
