We've seen the slapd's on our mail slaves trying to grow greater than the 2 gigabyte resident set size. I spent two days w/ valgrind looking for memory leaks, but I failed to find anything. I finally discovered that repeatedly binding and unbinding using a SASL/ GSSAPI bind would cause slapd's resident set size and vm size to grow. So I wrote a test program to SASL Bind, issue a search, and unbind. The test program would do this sequence 10000 times before it stopped. The test program always issues the same exact search trying to eliminate any interferance from a growing entry cache and/or idlcache.
I also tried this test w/ OpenLDAP 2.3.30 and got similar results.
Initial program size for slapd RSS = 8392 VMSIZE = 180180
"Bind, search, unbind" memory usage.
Searches Anonymous Bind SASL/GSSAPI Bind Completed RSS VMSIZE RSS VMSIZE 10000 9320 182760 12560 184916 20000 9320 182760 15404 187988 30000 9376 187888 18268 196188 40000 9376 187888 21080 199260 50000 9380 187888 23896 201308 60000 9380 187888 26708 204380 70000 9380 187888 29524 207452 80000 9380 187888 32336 210524 90000 9380 187888 35148 212572 100000 9380 187888 37972 215644
And when I only bind once for every 10,00 searches, I get a slapd memory usage like:
Searches Anonymous Bind SASL/GSSAPI Bind Completed RSS VMSIZE RSS VMSIZE 10000 9308 181736 9788 181856 20000 9308 181736 9788 181856 30000 9308 181736 9788 181856 40000 9316 181736 9788 181856 50000 9316 181736 9788 181856 60000 9316 181736 9796 181856 70000 9316 181736 9796 181856 80000 9316 181736 9800 181856 90000 9316 181736 9800 181856 100000 9316 181736 9800 181856
Current Software Versions Linux kernal 2.6.17.6 OpenLDAP 2.3.27 also tried 2.3.30 w/ similar results cyrus SASL 2.1.21 Heimdal 0.7.2 Berkeley 4.2
slapd.conf loglevel 768
include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/local.schema include /etc/openldap/slapd.acl.prod # default settings sizelimit 350 timelimit 60 idletimeout 300 defaultsearchbase "dc=umich,dc=edu" pidfile /etc/openldap/slapd.slave.pid argsfile /etc/openldap/slapd.slave.args # Allow these features allow bind_v2 bind_anon_cred bind_anon_dn threads 32 include /etc/openldap/slapd.tls # SASL / GSSAPI / Kerberos sasl-realm UMICH.EDU
saslRegexp uid=simta/mx.umich.edu,cn=umich.edu,cn=gssapi,cn=auth cn=simta,ou=mail agents,ou=security,dc=umich,dc=edu
saslRegexp uid=(.*),cn=umich.edu,cn=gssapi,cn=auth uid=$1,ou=people,dc=umich,dc=edu
saslRegexp dc=edu,dc=umich,ou=security,ou=(.*),cn=(.*) cn=$2,ou=$1,ou=security,dc=umich,dc=edu
# Proxy authorization checks saslAuthzFrom in destination entry sasl-authz-policy from
include /etc/openldap/slapd.sasl.hostname
TLSCertificateFile /etc/openssl/private/ldap-dev_itd_umich_edu.crt TLSCertificateKeyFile /etc/openssl/private/ldap-dev.itd.umich.edu.key
# database settings database bdb suffix "dc=umich,dc=edu" rootdn xxxxxxxx rootpw xxxxxxxx
limits dn.exact="cn=batch update,ou=security,dc=umich,dc=edu" size.soft=unlimited size.hard=soft time.soft=unlimited time.hard=soft
limits users size.soft=350 size.hard=soft size.unchecked=1000 time.soft=60 time.hard=soft
limits anonymous size.soft=50 size.hard=soft size.unchecked=1000 time.soft=5 time.hard=soft
directory /var/slapd/tmp/db/db.slave cachesize 100000 checkpoint 2048 5 idlcachesize 20000 include /etc/openldap/slapd.index
# Monitor Backend database monitor
BerkeleyDB DB_CONFIG file set_lk_max_locks 25000 set_lk_max_objects 25000
set_cachesize 0 128000000 1
# Set transaction log buffer size to 2 megs set_lg_bsize 2097152
Any ideas?
Thanks, Paul Turgyan University of Michigan