Bug 241636 - ACL's memory leaks openldap
ACL's memory leaks openldap
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: openldap (Show other bugs)
x86_64 Linux
medium Severity high
: ---
: ---
Assigned To: Jan Safranek
Depends On:
  Show dependency treegraph
Reported: 2007-05-29 04:43 EDT by saveline
Modified: 2007-11-30 17:07 EST (History)
2 users (show)

See Also:
Fixed In Version: RHBA-2007-0499
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-11-07 12:28:46 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description saveline 2007-05-29 04:43:51 EDT
Description of problem:
Openldap consumes all the available memory and the box starts swapping.

Version-Release number of selected component (if applicable):
RHEL 5 and openldap-servers-2.3.27-5

How reproducible:
It appears randomly

Actual results:
Actually, openldap server consumes memory until the box swaps and the service
became very slow. I must do a service ldap restart in order to clear the swap on
the box.

Expected results:
The service shouldn't be restarted weekly.

Before I moved to rhel5 with openldap, my openldap was on a rhel3 with openldap
2.2...and I didn't find any memory's problem on. I found a related topic on
openldap's mailing with a guy who identified this problem. You can found this
here: http://www.openldap.org/lists/openldap-bugs/200612/msg00064.html

He explained that he found this problem on openldap 2.3.30 and 2.3.27 but not on
2.2.26 (which would explain that I never came accross this on RHEL3). This
problem deals with "by set" clause in ACL's definition (which I use too).
Finally a patch was submited and according to the user, it has solved the
problem. You will find this patch at this url:

This problem seemed to be well known and patched in recent release of openldap. 
That's why I ask if it's possible to correct this in the next openldap update
for RHEL5.

Thanks a lot
Comment 1 Jan Safranek 2007-06-05 03:00:37 EDT
The patch you are referring to just disables set rules, which is probably not
what you want. I have found a patch which solves the leak:


I'll try to put it to next RHEL 5.1 update.
Comment 2 RHEL Product and Program Management 2007-06-05 03:03:37 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
Comment 5 saveline 2007-06-20 05:10:15 EDT

Here is some feedback of your fix.
I patched my rhel5 openldap's rpm with your fix and it seems to work very well.
I didn't have to restart my openldap for 2 weeks. Before, I used to do it every
3~5 days. I think it's OK.

Comment 8 errata-xmlrpc 2007-11-07 12:28:46 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.