[Date Prev][Date Next] [Chronological] [Thread] [Top]

syncrepl with GSSAPI over SSL fail (ITS#2956)

To: openldap-its@OpenLDAP.org
Subject: syncrepl with GSSAPI over SSL fail (ITS#2956)
From: tiamat@komi.mts.ru
Date: Fri, 6 Feb 2004 07:23:29 GMT

Full_Name: Alex Deiter
Version: 2.2.5
OS: FreeBSD
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (212.44.140.14)


I'm running OpenLDAP 2.2.5 with a bdb db-4.2.52 backend on FreeBSD 5.2. Master
server work fine, but replica server consistently uses 30% of the CPU, and grows
in memory uncontrollably:

  PID USERNAME PRI NICE   SIZE    RES STATE  C   TIME   WCPU    CPU COMMAND
 5145 ldap     103    0   722M   711M RUN    1   2:55 29.83% 29.83% slapd

After one hour on the replica server is growing three hundreds Berkeley DB log
files:

# ls /var/db/openldap-data/log.*|wc -l
    309

The data on the master server do not change (for all operating time on the
master server has grown 2 Berkeley DB log files).

Replica slapd.conf:

syncrepl rid=1
        provider=ldaps://master
        type=refreshAndPersist
        searchbase="dc=komi,dc=mts,dc=ru"
        updatedn="cn=replica,dc=komi,dc=mts,dc=ru"
        bindmethod=sasl
        saslmech=gssapi

if i change provider from ldaps://master to ldap://master replica slapd work
fine:

  PID USERNAME PRI NICE   SIZE    RES STATE  C   TIME   WCPU    CPU COMMAND
 4993 ldap      96    0 18212K  6376K select 0   0:00  0.00%  0.00% slapd

and Berkeley DB log files do not grow.

Why I cannot use GSSAPI along with SSL ?

Thanks a lot!

Prev by Date: RE: libldap/libldap_r UTF Compilation Warning (ITS#2955)
Next by Date: Re: syncrepl with GSSAPI over SSL fail (ITS#2956)
Index(es):
- Chronological
- Thread