Hello list,
I've been recently experimenting with the valsort overlay. After enabling it on the servers in our test environment they became unresponsive after a few minutes and a simple "top" showed a 100% cpu utilization on the machines. Before filing an ITS I thought I'd first post my problem here. Maybe it's just something as simple as a misplaced configuration directive. Therefor I've included the relevant information below.
The test-servers only have about 100 entries and usually no more than half a dozen clients access them simultaneously.
OpenLDAP Version: 2.3.30 BerkeleyDB: 4.2.52 + 5 patches OS: RHES 2.1 and 3.0
Relevant slapd.conf parts: ... <ACL's, TLS opts, other global stuff> ... ... overlay chain chain-uri "ldap://<...>" chain-idassert-bind bindmethod=sasl binddn="<...>" saslmech=external mode=self chain-tls start ####################################################################### # BDB database definitions ####################################################################### database bdb suffix "dc=o2online,dc=de" rootdn <...> rootpw {SSHA}<...>
directory /var/lib/ldap/openldap-data
index objectClass eq index entryCSN eq index entryUUID eq index sudoUser pres,eq,sub index uid,cn pres,eq,sub index uidNumber eq index gidNumber eq index memberUid eq index uniqueMember eq index host eq
## Syncrepl provider settings #overlay syncprov #syncprov-checkpoint 50 5 #syncprov-sessionlog 1000
# Syncrepl consumer settings syncrepl rid=100 provider=ldap://<...> type=refreshAndPersist interval=00:00:00:10 retry="60 10 300 +" searchbase="dc=o2online,dc=de" filter="(objectclass=*)" scope=sub attrs="*,+" schemachecking=on starttls=critical bindmethod=sasl saslmech="external"
updateref ldap://<...>
limits dn.exact="<...>" size=unlimited time=unlimited
cachesize 10000 idlcachesize 30000 checkpoint 1024 5
overlay unique unique_base "dc=o2online,dc=de" unique_attributes uid uidNumber
overlay dynlist dynlist-attrset extensibleObject memberURL uniqueMember
overlay valsort valsort-attr uniqueMember dc=o2online,dc=de alpha-ascend valsort-attr host dc=o2online,dc=de alpha-ascend
authz-policy to
authz-regexp email=<...> cn=<...>
Any help or hints would be much apreciated.
With kind regards Michael Heep
Michael.Heep@o2.com writes:
Hello list, I've been recently experimenting with the valsort overlay. After enabling it on the servers in our test environment they became unresponsive after a few minutes and a simple "top" showed a 100% cpu utilization on the machines. Before filing an ITS I thought I'd first post my problem here. Maybe it's just something as simple as a misplaced configuration directive. Therefor I've included the relevant information below.
[...]
overlay dynlist dynlist-attrset extensibleObject memberURL uniqueMember
[...]
Did you include an attribute in the meberURL string? I have just faced the same problem.
-Dieter
Hello Dieter,
thanks a lot this was exactly the problem! When disabling the dynlist overlay valsort works flawlessly. It seems like valsort can't cope with attribute-value pairs "created" by dynlist.
Although valsort is not mission critical (at least for us) I'll file an ITS anyways, because in some cases it's still a more than nice to have feature ;)
Kind regards Michael Heep
"Dieter Kluenter" dieter@dkluenter.de Gesendet von: openldap-software-bounces+michael.heep=o2.com@openldap.org 22.11.2006 21:38
An openldap-software@openldap.org Kopie
Thema Re: slapd + valsort using 100% CPU and causing slpad to become unresponsive
Michael.Heep@o2.com writes:
Hello list, I've been recently experimenting with the valsort overlay. After
enabling it
on the servers in our test environment they became unresponsive after a
few
minutes and a simple "top" showed a 100% cpu utilization on the
machines.
Before filing an ITS I thought I'd first post my problem here. Maybe
it's just
something as simple as a misplaced configuration directive. Therefor
I've
included the relevant information below.
[...]
overlay dynlist dynlist-attrset extensibleObject memberURL uniqueMember
[...]
Did you include an attribute in the meberURL string? I have just faced the same problem.
-Dieter
Hi,
Michael.Heep@o2.com writes:
Hello Dieter, thanks a lot this was exactly the problem! When disabling the dynlist overlay valsort works flawlessly. It seems like valsort can't cope with attribute-value pairs "created" by dynlist. Although valsort is not mission critical (at least for us) I'll file an ITS anyways, because in some cases it's still a more than nice to have feature ;)
It is not valsort, it is probabely your design of dynlist. You either specify in slapd.conf a dynlist-attrset with group-oc URL-at and member-at, and no attribut in the URL string of memberURL, or you specify no member-at in slapd.conf but an attribute in the URL string. Otherwise slapd runs in an endless loop comparing member-at and attribute. At least that is, what I experienced.
-Dieter
openldap-software@openldap.org
-
Dieter Kluenter -
Michael.Heep@o2.com