We are running a cluster of 2 ldap servers using the syncrepl overlay with mirror mode. After upgrading from SLES 10 SP2 (openldap 2.4.11) to SLES 11 SP1 (openldap 2.4.20), we have encountered a memory problem. The slapd process grows unbounded to the point that it uses all of the memory available to the ldap user on the server, currently 2.5GB, in a matter of hours. The database only contains around 30,000 records, so this amount of memory usage seems unusually high. No changes to the server configuration were made during the upgrade.
In an attempt to address the issue, we upgraded both instances further to openldap version 2.4.28, but this has not helped. Below is the slapd.conf (security related pieces have been redacted) that we are using.
~Paul
-------------------BEGIN SLAPD.CONF-------------- # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/rfc2307bis.schema include /etc/openldap/schema/ppolicy.schema
pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args
# Load dynamic backend modules: modulepath /usr/lib/openldap/modules
TLSCipherSuite HIGH:MEDIUM:-SSLv2 TLSCertificateFile /etc/openldap/cert.pem TLSCertificateKeyFile /etc/openldap/cert.key
<ACLs go Here>
loglevel none
ServerID 1
####################################################################### # BDB database definitions #######################################################################
database bdb suffix "dc=redacted" checkpoint 1024 5 cachesize 10000 overlay ppolicy rootdn "cn=redacted" sizelimit -1 ppolicy_default "cn=redacted" ppolicy_use_lockout
directory /var/lib/ldap # Indices to maintain index cn,sn,uid eq index entryUUID eq index entryCSN eq index member eq index objectClass eq
overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100 limits dn.exact="uid=replica,ou=redacted" time=unlimited size=unlimited
syncrepl rid=501 provider=ldap://peerhost:389 type=refreshAndPersist retry="5 5 300 +" searchbase="dc=redacted" attrs="*,+" scope=sub bindmethod=simple binddn="uid=redacted" credentials= interval=00:01:00:00
mirrormode on
database monitor -------------------END SLAPD.CONF--------------