openldap-software May 2009

openldap-software@openldap.org

41 participants
44 discussions

Inquiry Regarding Force Change Password
by Carlo Camerino 04 May '09

04 May '09

Hi Everyone, I'm new to openldap and was just wondering if OpenLDAP implements force change password policy? Does it expire the password of the user after a specified number of days? Also can I specify a list of commonly used passwords so that users cannot use it? Thanks Carlo

3 2

openldap2.4.16 and BDB4.7 not sync configured as provider/consumer
by Rodrigo Costa 04 May '09

04 May '09

openldap software, Sometime ago I open the ITS#5860 about some memory cache limitations not being respected by config files. Even this issue was solved when I tried to configured openldap to use replication(syncrepl) the system never enter into sync and the behavior appears similar to the ITS#5860 bug. The system start to sync and in the provider(master) I see the query for the DB sync. But the consumer(slave) memory consumption start to grow very fast making me to constrain much more the dncachesize to a 1/10 of the size of the provider(master) where at least system doesn't crash at consumer. Since changes were done in the openldap 2.4.16 I download and made tests with this version. I get into the same behavior with consumer(slave) never getting in sync with provider(master). The behaviors are : 1) Consumer(slave) start query to the provider(master) DB; 2) Memory allocation and number of threads in the provider(master) start to increase as expected; 3) dncachesize directive into provider(master) controls as expected the maximum memory to be allocated by slapd process in provider(master); 4) Consumer(slave) consumer memory in a much faster pace. dncachesize configured to 1/10 of provider(master) to avoid memory allocation problems; 5) After sometime the consumer(slave) CPU usage maintains in 200%. Provider(master) stays with low CPU usage, around 1 to 3 %; 6) A new provisioning in provider(master) isn't propagated to consumer(slave); 7) Bases never get in sync and CPU usage in consumer still high. Queries to provider(master) are answer very fast and even multiple individual queries to consumer(slave) are also answer in reasonable time. It looks like could exist certain issue in the replication logic where some processing dead loop could be found by the replication consumer(slave) logic. The newest openldap version and Berkeley DB 4.7 with all patches were compiled in the platform running the code. Any idea about this behavior? Thanks, Rodrigo.

3 2

Another DIT as subtree
by Diego Woitasen 03 May '09

03 May '09

Hi, I have an OpenLDAP 2.3.x server with back-bdb already populated. Is there a way to proxy searchs and show them as subtree of my DIT? For example, all the contents of ou=anotherldap,dc=example,dc=com must be fetched from a remote server and the remaining of the tree fetched locally from bdb. I was reading about translucent, back-ldap, back-meta and no one looks like I want. regards, Diego -- Diego Woitasen XTECH - Soluciones Linux para empresas (54) 011 5219-0678

2 1

slapd leaking memory on i386?
by John Morrissey 01 May '09

01 May '09

2.4.16 (with BDB4.7 + patches and the POSIX threads build options) has been stable on amd64/x86_64 for us, but I'm encountering problems with 2.4.16 on i386. slapd will run happily for several hours at a RSS of ~1.2GB, but then will suddenly gobble memory until it hits the i386 address space limit of 3GB and dies due to random segfaults as memory allocation fails. BDB caches are set to ~1.25GB total and the entry cache to 10,000 entries. I'm not sure how long it takes slapd to consume the extra 2GB of memory, but it's definitely less than 20 minutes according to sar(1). I have a couple core files from when this happens. Are there structures that are likely suspects for unchecked growth (the entry and BDB caches, for example) that I can poke at with a debugger to get an idea what's going on? john -- John Morrissey _o /\ ---- __o jwm(a)horde.net _-< \_ / \ ---- < \, www.horde.net/ __(_)/_(_)________/ \_______(_) /_(_)__

3 9

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-software May 2009