--On May 2, 2014 at 6:01:02 PM -0700 "Paul B. Henson" <henson(a)acm.org>
I've been testing the password policy module lately. I updated
development LDAP infrastructure Monday, basically loading and enabling the
module, adding a default policy:
This explains why the accesslog was running out of space, it was full of
these. It doesn't explain why the slapd process exploded in memory use,
unless I suppose the steady-state memory usage of a slapd this busy
processing replication is higher than one that's not quite so busy.
But I'm confused as to why loading the password policy module, for an
account with a policy configured to pretty much not do anything, results
in a modification of the CSN for every authentication?
I'm going to go peruse the source code to see if I can determine what's
going on, but any expert opinions would be most welcome.
I would suggest (if you haven't) enabling sync replication logging
(loglevel sync) in addition to whatever other loglevels you have. I've
found it is possible to send MMR into an endless loop in some cases
recently. I'm still working on the reproduction case for it, but it
happens 100% of the time for a client of ours eventually.
Zimbra :: the leader in open source messaging and collaboration