You have been subscribed to a public bug:
We've got our ubuntu servers (8.04.1 LTS) authenticating users against
an active directory libpam-krb5 and user account info is gotten via
libnss-ldap and nscd. However, the nscd process keeps growing in memory
image size until it fills the system memory completely. Memory leak
speed seems to correlate to the number of queries against nss.
The AD is Windows 2003 R2, using the R2 provided Identity management for
UNIX (ex-SFU) to provide LDAP attributes. There are about 50 user
objects and a dozen group objects matching the search filters specified
in /etc/ldap.conf, plus the stuff that goes with AD by default.
On our mail server, which uses nss queries the most and suffers worst
from this problem, the memory usage gets up to 95MB (RES) and 203MB
(VIRT) in 12 hours as observed by top, and exceeds one gigabyte in 3-5
days.
I have tried turning paranoia mode on to restart the service
periodically, but for some reason it does not restart, just quits the
whole process (I don't know whether the paranoia mode is actually
supposed to workin Ubuntu, as it is not mentioned in documentation
provided with Ubuntu release, but it's parameters are in default config
file, so I decided to try).
Just tried to install a fresh Ubuntu 8.04.1 server where I installed
only libnss-ldap, nscd and their requirements, configured it for AD
connection and left idle for the night. nscd memory usage was up to
100MB in the morning when it initially (few minutes after restart) is
about 3.5MB.
*** Release and package info ***
Description: Ubuntu 8.04.1
Release: 8.04
nscd:
Installed: 2.7-10ubuntu4
Candidate: 2.7-10ubuntu4
Version table:
*** 2.7-10ubuntu4 0
500 http://fi.archive.ubuntu.com hardy-updates/universe Packages
100 /var/lib/dpkg/status
2.7-10ubuntu3 0
500 http://fi.archive.ubuntu.com hardy/universe Packages
*** Sanitized /etc/ldap.conf ***
base dc=our,dc=ad,dc=domain
uri ldaps://dc1.our.ad.domain ldaps://dc2.our.ad.domain
ldap_version 3
rootbinddn nsswi...@our.ad.domain
scope sub
pam_password crypt
nss_base_passwd dc=our,dc=ad,dc=domain?sub?&(uidNumber=*)
nss_base_group dc=our,dc=ad,dc=domain?sub?&(gidNumber=*)
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
nss_map_attribute uniqueMember member
pam_login_attribute sAMAccountName
pam_filter objectclass=User
nss_map_attribute userPassword unixUserPassword
ssl on
tls_checkpeer no
sasl_secprops maxssf=0
nss_initgroups_ignoreusers
backup,bin,daemon,dhcp,dovecot,ftp,games,gnats,irc,klog,libuuid,list,lp,mail,man,news,ntp,postfix,proftpd,proxy,root,snmp,sshd,sync,sys,syslog,uucp,www-data
*** Password for nsswi...@our.ad.domain in /etc/ldap.secret ***
*** Using default package provided /etc/nscd.conf ***
** Affects: libnss-ldap (Ubuntu)
Importance: Undecided
Status: New
** Tags: libnss-ldap memory nscd
--
nscd leaking memory using libnss-ldap
https://bugs.launchpad.net/bugs/292971
You received this bug notification because you are a member of Ubuntu Server
Team, which is subscribed to libnss-ldap in ubuntu.
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
