slapd + valsort using 100% CPU and causing slpad to become unresponsive

Hello list,

I've been recently experimenting with the valsort overlay. After enabling it on the servers in our test environment they became unresponsive after a few minutes and a simple "top" showed a 100% cpu utilization on the machines. Before filing an ITS I thought I'd first post my problem here. Maybe it's just something as simple as a misplaced configuration directive. Therefor I've included the relevant information below.

The test-servers only have about 100 entries and usually no more than half a dozen clients access them simultaneously.

OpenLDAP Version: 2.3.30 BerkeleyDB: 4.2.52 + 5 patches OS: RHES 2.1 and 3.0

Relevant slapd.conf parts: ... <ACL's, TLS opts, other global stuff> ... ... overlay chain chain-uri "ldap://<...>" chain-idassert-bind bindmethod=sasl binddn="<...>" saslmech=external mode=self chain-tls start ####################################################################### # BDB database definitions ####################################################################### database bdb suffix "dc=o2online,dc=de" rootdn <...> rootpw {SSHA}<...>

directory /var/lib/ldap/openldap-data

index objectClass eq index entryCSN eq index entryUUID eq index sudoUser pres,eq,sub index uid,cn pres,eq,sub index uidNumber eq index gidNumber eq index memberUid eq index uniqueMember eq index host eq

## Syncrepl provider settings #overlay syncprov #syncprov-checkpoint 50 5 #syncprov-sessionlog 1000

# Syncrepl consumer settings syncrepl rid=100 provider=ldap://<...> type=refreshAndPersist interval=00:00:00:10 retry="60 10 300 +" searchbase="dc=o2online,dc=de" filter="(objectclass=*)" scope=sub attrs="*,+" schemachecking=on starttls=critical bindmethod=sasl saslmech="external"

updateref ldap://<...>

limits dn.exact="<...>" size=unlimited time=unlimited

cachesize 10000 idlcachesize 30000 checkpoint 1024 5

overlay unique unique_base "dc=o2online,dc=de" unique_attributes uid uidNumber

overlay dynlist dynlist-attrset extensibleObject memberURL uniqueMember

overlay valsort valsort-attr uniqueMember dc=o2online,dc=de alpha-ascend valsort-attr host dc=o2online,dc=de alpha-ascend

authz-policy to

authz-regexp email=<...> cn=<...>

Any help or hints would be much apreciated.

With kind regards Michael Heep