--On Wednesday, June 07, 2017 7:07 AM -0600 Joaquin Estrada=20 jmestrada69@gmail.com wrote:

Quanah,

We are running the Berkley DB back-end, =C2=B3back-bdb=C2=B2 in the =

slapd.conf

file.

Our server vendor did the upgrade to version 2.4.39 last year in April. =

In

asking them about upgrading to a newer version, as a potential fix, I was told the last version in the RHEL repository that they can upgrade to is 2.4.40. I=C2=B9m not certain that our vendor will support our choice to upgrade to a newer version than what RHEL provides them in the repository, but if it will fix our problem, I=C2=B9ll have to push the envelope on that matter.

Were there any known fragmentation issues with back-bdb in the 2.4.39 version that could also be causing these pauses?

No, back-bdb is not remotely the same as back-mdb. However, I've no idea=20 what options RedHat compiles their BDB library with and there were specific =

options that had an effect on OpenLDAP. Generally, I would note that the=20 back-bdb backend and back-hdb backends are deprecated at this point.

Is it possible we have the idletimeout set too high and it should be lowered? I=C2=B9m wondering if there is some sweet-spot value for this particular setting.

I generally leave it unset unless one is encountering an issue of running=20 out of connections. Generally, it would be fairly strange for idletimeout=20 to affect things this way at all. It simply drops idle connections based=20 off of the timer. Disabling rate throttling in rsyslogd is a good idea,=20 but may be unrelated as well. We've also seen cases with RHEL7 where Redhat =

has set things up so that journald also gets all the syslog messages, which =

causes severe performance degredation.

You could spend some time seeing if you can isolate an exact cause. For=20 example, set loglevel to 0 and see if you still encounter the issue. If=20 you do, it is unrelated to syslog activity.

Another test would be to set idletimeout to 0. If you still encounter the=20 issue, it is unrelated to idle connections being dropped. etc.

As Michael noted, Redhat builds are somewhat questionable as they make=20 various changes to the code base that the OpenLDAP project have not been=20 reviewed. Your issues may or may not be related to such a change, it's=20 generally impossible to know.

Hope that helps.

--Quanah

--

Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com