When the Schema Compatibility plug-in is configured to provide Active Directory (AD) users access to legacy clients using the Identity Management (IdM) cross-forest trust to AD, the 389 Directory Server can under certain conditions increase CPU consumption upon receiving a request to resolve complex group membership of an AD user.
Description of problem:
Originally spotted in #sfdc case 01190699
Attaching strace, pstack from ns-ldap server and logs from RHEL5.
Version-Release number of selected component (if applicable):
In customer environment
ns-ldapd consume 100% CPU
we need a mechanism to filter/cache such requests in glibc and not abuse nss_file.
This bug is fixed with bug 1202995 and https://rhn.redhat.com/errata/RHSA-2015-0728.html in RHEL 7.1.z
*** This bug has been marked as a duplicate of bug 1202996 ***