Hello list,

I've been recently experimenting with the valsort overlay. After enabling it on the servers in our test environment they became unresponsive after a few minutes and a simple "top" showed a 100% cpu utilization on the machines.
Before filing an ITS I thought I'd first post my problem here. Maybe it's just something as simple as a misplaced configuration directive. Therefor I've included the relevant information below.

The test-servers only have about 100 entries and usually no more than half a dozen clients access them simultaneously.

OpenLDAP Version: 2.3.30
BerkeleyDB: 4.2.52 + 5 patches
OS: RHES 2.1 and 3.0

Relevant slapd.conf parts:
... <ACL's, TLS opts, other global stuff> ...
...
overlay chain
chain-uri                "ldap://<...>"
chain-idassert-bind         bindmethod=sasl binddn="<...>" saslmech=external mode=self
chain-tls                start
#######################################################################
# BDB database definitions
#######################################################################
database        bdb
suffix                "dc=o2online,dc=de"
rootdn                <...>
rootpw                {SSHA}<...>

directory        /var/lib/ldap/openldap-data

index        objectClass        eq
index        entryCSN        eq
index        entryUUID        eq
index        sudoUser        pres,eq,sub
index        uid,cn                pres,eq,sub
index        uidNumber        eq
index        gidNumber        eq
index        memberUid        eq
index        uniqueMember        eq
index        host                eq

## Syncrepl provider settings
#overlay        syncprov
#syncprov-checkpoint        50 5
#syncprov-sessionlog        1000

# Syncrepl consumer settings
syncrepl rid=100
        provider=ldap://<...>
        type=refreshAndPersist
        interval=00:00:00:10
        retry="60 10 300 +"
        searchbase="dc=o2online,dc=de"
        filter="(objectclass=*)"
        scope=sub
        attrs="*,+"
        schemachecking=on
        starttls=critical
        bindmethod=sasl  
        saslmech="external"

updateref ldap://<...>

limits        dn.exact="<...>" size=unlimited time=unlimited

cachesize        10000
idlcachesize        30000
checkpoint        1024 5

overlay unique
unique_base                "dc=o2online,dc=de"
unique_attributes        uid uidNumber

overlay dynlist
dynlist-attrset                extensibleObject memberURL uniqueMember

overlay valsort
valsort-attr uniqueMember dc=o2online,dc=de alpha-ascend
valsort-attr host dc=o2online,dc=de alpha-ascend

authz-policy to

authz-regexp
        email=<...>
        cn=<...>

Any help or hints would be much apreciated.

With kind regards
Michael Heep