Re: password policy module memory leaks / excessive replication?

[Quanah Gibson-Mount <quanah@zimbra.com>]

--On May 2, 2014 at 6:01:02 PM -0700 "Paul B. Henson" <henson@acm.org> 
wrote:

> I've been testing the password policy module lately. I updated our
> development LDAP infrastructure Monday, basically loading and enabling the
> module, adding a default policy:
>
> This explains why the accesslog was running out of space, it was full of
> these. It doesn't explain why the slapd process exploded in memory use,
> unless I suppose the steady-state memory usage of a slapd this busy
> processing replication is higher than one that's not quite so busy.
>
> But I'm confused as to why loading the password policy module, for an
> account with a policy configured to pretty much not do anything, results
> in a modification of the CSN for every authentication?
>
> I'm going to go peruse the source code to see if I can determine what's
> going on, but any expert opinions would be most welcome.

I would suggest (if you haven't) enabling sync replication logging 
(loglevel sync) in addition to whatever other loglevels you have.  I've 
found it is possible to send MMR into an endless loop in some cases 
recently.  I'm still working on the reproduction case for it, but it 
happens 100% of the time for a client of ours eventually.

--Quanah


--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration