Package: slapd
Version: 2.4.31-1+nmu2
Severity: serious

Hello,

we are using Debian 7.1 on amd64.
We installed a multimaster replication setup.

Now, when we modify some attributes and group memberships, the memory
use of slapd on the 'master' increases extremely (>10G) until it runs out of memory.

This occurs only if the two servers are in sync.
If we disable the connection (i.e. with iptables) between the servers,
the memory usage doesn't grow.

We use the online config. The corresponding slapd.conf is attached.


best regards

Thomas Sesselmann

-- 
Thomas Sesselmann, Dipl.-Inf.
Friedrich-Schiller-Universität Jena
Rechenzentrum
Am Johannisfriedhof 2
D-07743 Jena
Tel.: 03641/9-40530
Fax.: 03641/9-40630
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/dyngroup.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/misc.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/sendmail.schema
include         /etc/ldap/schema/kerberos.schema
include         /etc/ldap/schema/fsu.schema
include         /etc/ldap/schema/eduperson.schema

# Runtime bookkeeping files written by slapd: its process ID and its
# command-line arguments.
pidfile    /var/run/slapd/slapd.pid
argsfile   /var/run/slapd/slapd.args
 
# Directory searched for the loadable modules named below.
modulepath /usr/lib/ldap

# Overlay modules. Loading a module only makes it available; an overlay takes
# effect where an `overlay` directive names it. In this excerpt constraint,
# dds and ppolicy are loaded but no `overlay` line for them is visible (the
# listing ends with an elided "#..." section).
moduleload accesslog.la
moduleload constraint.la
moduleload dds.la
moduleload dynlist.la
moduleload memberof.la
moduleload ppolicy.la
moduleload refint.la
moduleload syncprov.la
moduleload unique.la


# Backend modules used by the `database hdb` and `database monitor` sections.
moduleload  back_hdb
moduleload  back_monitor


# Backend declarations for the two backend types loaded above.
backend  hdb
backend  monitor


# Server-side TLS material: trust anchors (a chain file plus a CA directory),
# the server certificate and its private key. The key file should be readable
# only by the account slapd runs as.
# TLSVerifyClient allow: a client certificate is requested but not required.
# Per slapd.conf(5), a missing certificate and a certificate that fails
# verification are both tolerated; the session continues without a
# certificate identity. The SASL EXTERNAL binds used by the syncrepl stanzas
# in this file depend on a verified client certificate, so the CA set
# configured here bounds who can obtain the identity mapped by authz-regexp.
TLSCACertificateFile  /etc/ldap/certs/chain.pem
TLSCACertificatePath  /etc/ldap/certs
TLSCertificateFile    /etc/ldap/certs/ldap.pem
TLSCertificateKeyFile /etc/ldap/certs/ldap.key
TLSVerifyClient         allow


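## Server IDs/URLs for multi-master replication (MMR)
# Each ID is tied to the listener URL of one of the two providers.
# NOTE(review): the archived listing showed a stray ';' after each closing
# quote, apparently an HTML-entity rendering artifact; it is dropped here.
# Confirm against the original attachment.
ServerID        1       "ldap://ldap1.rz.uni-jena.de"
ServerID        2       "ldap://ldap2.rz.uni-jena.de"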


## Match replicator
# Maps an authentication identity matching the first pattern (presumably the
# subject DN of the TLS client certificate presented for SASL EXTERNAL) to
# the directory identity uid=replicator,ou=local,dc=uni-jena,dc=de, which the
# ACLs and the `limits` directive further down grant replication read access.
# NOTE(review): the match pattern is a regular expression and carries no
# ^...$ anchors; confirm that a longer subject DN containing this string
# cannot also map to the replicator identity.
authz-regexp
        "CN=ldap\.uni-jena\.de,O=Universitaet Jena,L=Jena,ST=Thueringen,C=DE"
        "uid=replicator,ou=local,dc=uni-jena,dc=de"

## General queries (base DN)?
# Everyone, including anonymous clients, may read the root DSE (empty DN).
access to dn.base=""
        by * read

## Schema queries?
# Everyone, including anonymous clients, may read the subschema entry.
access to dn.base="cn=Subschema"
        by * read

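#######################################################################
# enable on-the-fly configuration (cn=config)
database config

### syncrepl directives for multi-master replication of the online config (olc) ###
# One consumer stanza per provider; each server lists both URLs, its own
# included. The bind is SASL EXTERNAL over StartTLS, so the identity comes
# from the TLS client certificate. Per slapd.conf(5), starttls=yes continues
# without TLS if the StartTLS request fails; starttls=critical aborts instead.
# NOTE(review): no tls_cert/tls_key/tls_cacert/tls_reqcert parameters are
# given, so the client-side TLS settings come from elsewhere; confirm where.
# NOTE(review): a stray ';' that followed the provider URL's closing quote in
# the archived listing (apparently a rendering artifact) is dropped here.
syncrepl        rid=003
                provider="ldap://ldap1.rz.uni-jena.de"
                searchbase="cn=config"
                type=refreshAndPersist
                retry="5 +"
                bindmethod=sasl
                saslmech=EXTERNAL
                starttls=yes
                filter="(|(!(olcDatabase={0}config))(!(olcReadOnly=TRUE)))"

syncrepl        rid=004
                provider="ldap://ldap2.rz.uni-jena.de"
                searchbase="cn=config"
                type=refreshAndPersist
                retry="5 +"
                bindmethod=sasl
                saslmech=EXTERNAL
                starttls=yes
                filter="(|(!(olcDatabase={0}config))(!(olcReadOnly=TRUE)))"

# Provider side of the replication, with writes accepted on both servers.
overlay syncprov
MirrorMode      On

# cn=config holds the whole server configuration, including rootpw hashes.
# The replicator identity may read all of it; root connecting over the local
# ldapi:// socket (peercred) and cn=ldapadmin may manage it; nobody else has
# access. The access level of the peercred clause had been wrapped onto an
# unindented line of its own in the archived listing, which slapd would not
# treat as a continuation; it is rejoined here.
access to *
        by dn.exact="uid=replicator,ou=local,dc=uni-jena,dc=de" read
        by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
        by dn.exact="cn=ldapadmin,ou=local,dc=uni-jena,dc=de" manage
        by * none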

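#######################################################################
# enable server status monitoring (cn=monitor)
database monitor
# Monitoring data is readable only by root over the local ldapi:// socket
# (peercred) and by cn=ldapadmin; everyone else is denied. The access level
# of the peercred clause had been wrapped onto an unindented line of its own
# in the archived listing and is rejoined here.
access to *
        by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
        by dn.exact="cn=ldapadmin,ou=local,dc=uni-jena,dc=de" read
        by * none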

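#######################################################################
# enable server access logging (cn=logs)
# Storage for the accesslog overlay configured on the main database
# (`logdb cn=logs`). A rootdn is set but no rootpw appears in this section.
database        hdb
suffix          "cn=logs"
checkpoint      1024 15
rootdn          "cn=ldapadmin,ou=local,dc=uni-jena,dc=de"
directory       /var/lib/ldap/logs
index           reqStart,reqEnd,reqMod,reqResult eq
index           entryUUID                        eq

# The log records logged write and session operations, so read access is
# limited to root over the local ldapi:// socket (peercred) and cn=ldapadmin.
# The access level of the peercred clause had been wrapped onto an unindented
# line of its own in the archived listing and is rejoined here.
access to *
        by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
        by dn.exact="cn=ldapadmin,ou=local,dc=uni-jena,dc=de" read
        by * none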


#######################################################################
# database definitions
#######################################################################

# Main directory database for dc=uni-jena,dc=de.
database        hdb
suffix          "dc=uni-jena,dc=de"
checkpoint      1024 15
# The rootdn is not subject to the access clauses of this database, so its
# credential needs the same care as the data itself.
# {SSHA} denotes a salted SHA-1 hash; the value "xxx" appears to have been
# redacted by the reporter.
rootdn          "cn=ldapadmin,ou=local,dc=uni-jena,dc=de"
rootpw    {SSHA}xxx

directory       /var/lib/ldap/data

# Indices to maintain for this database
# entryUUID is indexed for equality, as in the cn=logs database.
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
index entryUUID                         eq

## Accesslog
# Records write operations and session operations of this database into the
# cn=logs database. Entries older than 30 days are purged, with the purge
# check running once a day.
overlay         accesslog
logdb           cn=logs
logops          writes session
logpurge        30+00:00 1+00:00


## Referential integrity
# Keeps member, owner and memberOf values consistent when the entries they
# point to are renamed or deleted.
overlay refint
refint_attributes  member owner memberOf
refint_nothing     cn=ldapadmin,ou=local,dc=uni-jena,dc=de

## Unique Attribute
# Each URI enforces uniqueness of one attribute across the whole subtree.
overlay unique
unique_uri ldap:///dc=uni-jena,dc=de?uid?sub
unique_uri ldap:///dc=uni-jena,dc=de?mail?sub
unique_uri ldap:///dc=uni-jena,dc=de?uidNumber?sub
unique_uri ldap:///dc=uni-jena,dc=de?cn?sub
unique_uri ldap:///dc=uni-jena,dc=de?krbPrincipalName?sub
unique_uri ldap:///dc=uni-jena,dc=de?mailLocalAddress?sub

## Dynlist
# For groupOfURLs entries, the memberURL search results are presented as
# member values.
overlay dynlist
dynlist-attrset groupOfURLs memberURL member

## MemberOf
# NOTE(review): later revisions of slapo-memberof(5) state that this overlay
# is not compatible with syncrepl-based replication. This database is
# replicated (syncrepl + MirrorMode below) and refint also maintains memberOf,
# so this combination is worth isolating first when reproducing the memory
# growth on group-membership changes. It is not confirmed as the cause here.
overlay memberof

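### syncrepl directives for multi-master replication of this database ###
# (The original comment said "der olc", apparently copied from the cn=config
# section; the search base here is the data suffix.)
# One consumer stanza per provider; each server lists both URLs, its own
# included. The bind is SASL EXTERNAL over StartTLS, so the identity comes
# from the TLS client certificate. Per slapd.conf(5), starttls=yes continues
# without TLS if the StartTLS request fails; starttls=critical aborts instead.
# NOTE(review): no tls_cert/tls_key/tls_cacert/tls_reqcert parameters are
# given, so the client-side TLS settings come from elsewhere; confirm where.
# NOTE(review): a stray ';' that followed the provider URL's closing quote in
# the archived listing (apparently a rendering artifact) is dropped here.
syncrepl        rid=001
                provider="ldap://ldap1.rz.uni-jena.de"
                searchbase="dc=uni-jena,dc=de"
                type=refreshAndPersist
                retry="5 +"
                bindmethod=sasl
                saslmech=EXTERNAL
                starttls=yes

syncrepl        rid=002
                provider="ldap://ldap2.rz.uni-jena.de"
                searchbase="dc=uni-jena,dc=de"
                type=refreshAndPersist
                retry="5 +"
                bindmethod=sasl
                saslmech=EXTERNAL
                starttls=yes

# Provider side of the replication, with writes accepted on both servers.
overlay syncprov
MirrorMode      On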

# The replication identity is exempt from search size and time limits, so a
# single search under this identity can return the whole database.
limits dn.exact="uid=replicator,ou=local,dc=uni-jena,dc=de"
   size=unlimited time=unlimited




## Admin Access
# The replicator identity may read every entry and attribute of this
# database (which would include password hashes, if stored here), so the
# certificate key behind that identity is as sensitive as the data.
# For everyone else this clause grants nothing, and `break` passes evaluation
# on to the access clauses that follow, which the reporter elided below.
access to *
        by dn.exact="uid=replicator,ou=local,dc=uni-jena,dc=de" read
        by * none break

## other ACLs
#... 

Attachment: smime.p7s
Description: S/MIME Kryptografische Unterschrift
