Hi, I have a Problem importing a large batch of users into the following setup: Two Nodes of openldap running n-way multimaster replication with mdb backend, version is 2.4.44. Everything looks good, replication is working.
Now I am trying to import a ldif file with 110362 Users to be added and 956419 group modify operations:
1. When both nodes are online and replication is running, after slapd on the importing node quickly starts using all available memory until the kernel oom-killer decides it uses too much and kills the process. This seems to be caused by the group modifications: It did not happen before, when we had an error in the ldif which caused the group modify statements to be ignored, so only users were imported. We tried to circumvent this behavior by adding up to 32GB of Memory, but this only postponed the problem. 2. When I shut down the second node, so no replication is happening, then start the user and group membership import, this runs fine (takes about 10 hours) without exhausting memory, but if I join the second node afterwards none of the new entries is replicated to the second node.
Does anyone have an idea what I might be doing wrong? Currently I try to batch import with the ldif split into chunks of 1000 entries, with a 30s pause in between.
Best Regards,
Robert Lindner
Cloud Platform Engineer | Delivion GmbH Nachbarsweg 25a | D-45481 Mülheim an der Ruhr Tel.: [+49] 170 7727967 | Web: www.delivion.de This e-mail message may contain confidential or legally privileged information and is intended only for the use of the intended recipient(s). Any unauthorized disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is prohibited. E-mails are not secure and cannot be guaranteed to be error free as they can be intercepted, amended, or contain viruses. Anyone who communicates with us by e-mail is deemed to have accepted these risks. Company Name is not responsible for errors or omissions in this message and denies any responsibility for any damage arising from the use of e-mail. Any opinion and other statement contained in this message and any attachment are solely those of the author and do not necessarily represent those of the company.
openldap-technical@openldap.org