I'm new to OpenLDAP and was just wondering if OpenLDAP implements a force
change password policy?
Does it expire the password of the user after a specified number of days?
Also can I specify a list of commonly used passwords so that users cannot

Some time ago I opened ITS#5860 about some memory cache limitations not
being respected by config files. Even though this issue was solved, when I
tried to configure OpenLDAP to use replication (syncrepl) the system never
entered into sync, and the behavior appears similar to the ITS#5860 bug.
The system starts to sync and in the provider (master) I see the query for
the DB sync. But the consumer (slave) memory consumption starts to grow
very fast, making me constrain the dncachesize much more, to 1/10 of
the size of the provider (master), where at least the system doesn't crash at
Since changes were made in OpenLDAP 2.4.16, I downloaded and made tests
with this version. I get the same behavior, with the consumer (slave)
never getting in sync with the provider (master).
The behaviors are:
1) The consumer (slave) starts to query the provider (master) DB;
2) Memory allocation and the number of threads in the provider (master) start
to increase as expected;
3) The dncachesize directive in the provider (master) controls, as expected, the
maximum memory to be allocated by the slapd process in the provider (master);
4) The consumer (slave) consumes memory at a much faster pace. dncachesize is
configured to 1/10 of the provider (master) to avoid memory allocation problems;
5) After some time the consumer (slave) CPU usage stays at 200%.
The provider (master) stays at low CPU usage, around 1 to 3%;
6) A new provisioning in the provider (master) isn't propagated to
7) The bases never get in sync and CPU usage in the consumer is still high. Queries
to the provider (master) are answered very fast, and even multiple individual
queries to the consumer (slave) are also answered in reasonable time.
It looks like there could be a certain issue in the replication logic where
some processing dead loop could be found by the replication
The newest OpenLDAP version and Berkeley DB 4.7 with all patches were
compiled on the platform running the code.
Any idea about this behavior?

I have an OpenLDAP 2.3.x server with back-bdb already populated. Is there
a way to proxy searches and show them as a subtree of my DIT? For example,
all the contents of ou=anotherldap,dc=example,dc=com must be fetched from
a remote server and the remainder of the tree fetched locally from bdb.
I was reading about translucent, back-ldap and back-meta, and none of them looks
like what I want.
XTECH - Soluciones Linux para empresas
(54) 011 5219-0678

2.4.16 (with BDB4.7 + patches and the POSIX threads build options) has been
stable on amd64/x86_64 for us, but I'm encountering problems with 2.4.16 on
slapd will run happily for several hours at an RSS of ~1.2GB, but then will
suddenly gobble memory until it hits the i386 address space limit of 3GB and
dies due to random segfaults as memory allocation fails. BDB caches are set
to ~1.25GB total and the entry cache to 10,000 entries. I'm not sure how
long it takes slapd to consume the extra 2GB of memory, but it's definitely
less than 20 minutes according to sar(1).
I have a couple core files from when this happens. Are there structures that
are likely suspects for unchecked growth (the entry and BDB caches, for
example) that I can poke at with a debugger to get an idea what's going on?
John Morrissey
jwm(a)horde.net
www.horde.net/