I have an OpenLDAP 2.4.32 server with millions of entries, which usually serves tens of requests per second. It works as a stand-alone master server (replication is set up but the slave server is down).
I noticed several times, at different times and dates, that no lines are logged in the OpenLDAP access log for a few minutes, as if it were frozen. I'm trying to figure out what could explain that. I checked the usual system counters (CPU, IO, memory, free disk space, ...) as well as the running processes, but did not notice anything suspicious.
Since the OpenLDAP server runs in a virtual machine, I'm currently trying to monitor the ESX hypervisor. Any idea of what could go wrong?
Cyril Grosjean wrote:
I have an OpenLDAP 2.4.32 server with millions of entries, which usually serves tens of requests per second. It works as a stand-alone master server (replication is set up but the slave server is down).
I noticed several times, at different times and dates, that no lines are logged in the OpenLDAP access log for a few minutes, as if it were frozen.
Any possible DNS problems? Do you have "reverse-lookup on" in your configuration?
If yes, I'd recommend always running a local DNS cache and/or disabling reverse name lookups.
If no, I'd recommend upgrading your OpenLDAP version. There have been many fixes and improvements during the last (almost) three years.
Ciao, Michael.
Thank you for your feedback, Michael. We don't use reverse lookups, either in the access control rules of OpenLDAP or at the TCP wrapper level.
I'd already checked the OpenLDAP change history. I agree we use a somewhat old OpenLDAP version, but I didn't find any obvious clue of a bug that could induce such freezes in more recent versions.
Anyway, upgrading is often an action to consider at least...
openldap-technical@openldap.org