Full_Name: David Hawes Version: 2.3.30 OS: Debian GNU/Linux 3.1 URL: Submission from: (NULL) (128.173.13.109)
When using ACL sets, OpenLDAP 2.3.30 steadily uses up all the system memory before crashing (slapd: ch_malloc.c:57: ch_malloc: Assertion `0' failed).
The system is loaded using SLAMD with 4 clients doing anonymous searches on a filter file of approximately 300,000 filters (taken from a typical day on a production server). SLAMD reports that 2885650 entries are returned in the 30 minutes it takes to use up all available memory (4G).
The instance contains approximately 1 million entries in a bdb backend, and uses the following simple set of ACLs for this test:
... access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to dn.base="dc=example,dc=com" by * read
access to dn.base="ou=People,dc=example,dc=com" by * read
access to * by set="[string1] & [string2]" read by peername.ip=<slamd client ip 1> read by peername.ip=<slamd client ip 2> read by peername.ip=<slamd client ip 3> read by peername.ip=<slamd client ip 4> read by * none ...
Removing the "by set=" clause and running the SLAMD job causes OpenLDAP memory usage to stabilize.
I notice the same behavior on 2.3.27, but did not notice it with older versions such as 2.2.26.