[Issue 10404] slapd uses all available memory and starts using swap

[openldap-its]

https://bugs.openldap.org/show_bug.cgi?id=10404

--- Comment #2 from tomas.bjorkl...@su.se ---
(In reply to Howard Chu from comment #1)
> We'll need your full config to trace this as it appears you have a memory
> leak. Or you can try yo trace it yourself, using valgrind or mleak
> (https://github.com/hyc/mleak).

/tmp/mdump slapd ml.*
fncdump: Cant open slapd

Memory leaks (56253 total)

slapd.conf:
moduleload back_mdb

include /local/sukat/conf/schema.conf
include /local/sukat/conf/acl.conf

authz-regexp
   uid=(.*),cn=gssapi,cn=auth
   ldap:///??sub?(uid=$1)

sasl-host *******

TLSCACertificateFile /etc/ssl/certs/ca-certificates.crt
TLSCertificateFile /local/secret/ssl/cert.pem
TLSCertificateKeyFile /local/secret/ssl/cert.key

TLSCipherSuite HIGH:!TLSv1.0:!SSLv3

loglevel sync stats

sizelimit 5000
timelimit 600

database mdb
directory /local/sukat/db

maxsize 8192000000
rootdn *****************
suffix ""

checkpoint 1024 15

include /local/sukat/conf/index.conf
include /local/sukat/conf/limits.conf
include /local/sukat/conf/syncrepl-ldapro.conf

syncrepl-ldapro.conf:

index entryUUID eq

syncrepl rid=1
        provider=ldaps://*****************
        searchbase=""
        type=refreshAndPersist
        retry="1200 1 1800 +"
        bindmethod=simple
        binddn=******************
        credentials=***************


limits.conf:
# SIZE:
# We have scripts that generate /etc/passwd. They search for all posixAccounts.
# ldapsearch -Y GSSAPI -H ldap://********** objectClass=posixAccount
# numEntries: 173445
#
# The update-affiliations script performs a heavy search for students:
# ldapsearch -Y GSSAPI -H ldap://********** -b ou=LADOK-Courses,dc=su,dc=se
'(&(objectClass=ladok-Group)(|(ladok-groupType=all)(ladok-groupType=fort)(ladok-groupType=omreg)(ladok-groupType=reg)))'
# numEntries: 278101
#
# Handle that and allow for some growth.
#
# TIME:
# The sync to Voyager gets all the cards. On a cold cache with a single client
a
# search like
# ldapsearch -Y GSSAPI -H ldap://**************** objectClass=suCardOwner >
/dev/null
# took 16 min, set time limit to 20 min.
limits group/groupOfNames/member="cn=directory_limits,dc=su,dc=se"  
size=350000    time=1200
limits group/groupOfNames/member="cn=directory_nolimits,dc=su,dc=se"
size=unlimited time=1200
limits group/groupOfNames/member="cn=directory_readers,dc=su,dc=se" 
size=350000    time=1200
limits group/groupOfNames/member="cn=directory_writers,dc=su,dc=se" 
size=350000    time=1200
limits group/groupOfNames/member="cn=directory_paged,dc=su,dc=se"   
size.pr=5000   time=1200 size.prtotal=350000

index.conf:

index modifyTimestamp eq
index departmentNumber eq
index eduPersonAffiliation eq
index eduPersonOrgUnitDN eq
index gidNumber eq
index ladokStudentUID eq
index mailLocalAddress eq
index mailRoutingAddress eq
index member eq
index norEduOrgUnitUniqueIdentifier eq
index norEduPersonNIN eq
index objectClass eq
index owner eq
index roleOccupant eq
index schacPersonalUniqueCode eq
index suCardSerial eq
index suCardState eq
index suCardUUID eq
index swamiCostCenterIdentifier eq
index telephoneNumber eq
index uid eq
index uidNumber eq
index uniqueMember eq
index cn eq,sub
index eduPersonEntitlement eq,sub
index givenName eq,sub
index mail eq,sub
index sn eq,sub
index socialSecurityNumber eq,sub
index title eq,sub
index eduPersonPrimaryAffiliation eq
index eduPersonPrimaryOrgUnitDN eq
index memberUid eq
index ou eq,sub
index businessCategory eq,sub

-- 
You are receiving this mail because:
You are on the CC list for the issue.