We have been struggling with an upgrade of OpenLDAP 2.4.x to any version after 2.5.  Our upgrade process was installing the binaries, removing our ppolicy schema and doing a slapcat of the old database and a slapadd to the new version.   After doing so, response time shows a noticeable delay using an ldapsearch, the header on the response will pause long enough to read it before we get the result.  This delay is causing the server to hang during heavy use and eventually crash.   Through a lot of trouble shooting / trial and error, I have found that the cause is our dynlist definitions/usage.  When they are removed, response time goes back to normal and there is a memory leak that stops.  I can add the pertinent parts of the cn=config if needed.  The question for now is has anyone else seen and hopefully resolved this issue or just know what changed for dynlist in 2.5 that might be effecting us?

 

Thanks,

Bradley Gill CISSP, CCSP