Looks a lot like a problem I have as well.
Check out the /proc/xxx/fd directory of the dirsrv process for your
IPA realm, in my case it's full of dead pointers to /var/tmp/ldap_xxx
where xxx will be the same on one IPA server(I have two in a
multi-master setup).
These don't clear out until I restart the dirsrv process, so
eventually they'll fill up to the FD limit. For now I have a cron job
performing a staggered IPA restart on the two servers and a case open
with RH, but I haven't gotten any solution yet.
This is also RHEL 6.3 by the way, though the problem appeared in 6.2
for me.
This looks a memory leak in libkrb5 or dirsrv leaving around so krb

Those files are replay caches.

Rich, can you investigate the use of libkrb5 in dirsrv ?

Oops missed this, though this is a private bug so I will have to take
y'alls word for it being the thing.
Sorry about that. It appears to be a problem with either krb5 or selinux, and there is a proposed fix for RHEL 6.4

I hate private bugs. I am going to open a RH support case, just in case
that helps in any way.
Yes, please.


