[Bug 227178] Re: Slave slapd crashes when doing syncrepl

Anderson amg1127 at cefetrs.tche.br
Wed May 7 17:32:53 BST 2008


Humm...

I have an OpenLDAP server listening on ldaps:// and ldapi://. Simple and
SASL authentication are enabled.

I am trying to run on the same machine another OpenLDAP server listening
only on ldap://, but acting as a replica of the existing OpenLDAP
server. In this second server, I want to disable simple authentication
and enforce stronger SASL mechanisms in order to bind to it. My
intention is to use ldap:// to serve NSS_LDAP modules and use ldaps://
to serve PAM_LDAP modules on workstations.

Now, I am using ldaps:// to serve both NSS_LDAP and PAM_LDAP and if I
run 2500 instances of "getent passwd", my LDAP server eats all CPU
resources because of the encryption. If I run 2500 instances of "getent
passwd" against an ldap:// server, the server uses no more than 5% of CPU
resources. Good performance, but using ldap:// in PAM_LDAP raises a
security problem in my network.

The file I attached here has the full LDAP base and OpenLDAP
configuration I use here. I only moved configuration and databases to my
home directory (/home/amg1127) in order to avoid conflict with my
existing server. Unfortunately, I couldn't reproduce the bug by using a
little base.

-- 
Slave slapd crashes when doing syncrepl
https://bugs.launchpad.net/bugs/227178
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap2.3 in ubuntu.


