touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #35920
[Bug 292971] Re: nscd leaking memory using libnss-ldap
Hardy has seen the end of its life and is no longer receiving any
updates. Marking the Hardy task for this ticket as "Won't Fix".
** Changed in: eglibc (Ubuntu Hardy)
Status: Triaged => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/292971
Title:
nscd leaking memory using libnss-ldap
Status in “eglibc” package in Ubuntu:
Fix Released
Status in “eglibc” source package in Lucid:
Fix Released
Status in “eglibc” source package in Hardy:
Won't Fix
Status in “eglibc” source package in Intrepid:
Won't Fix
Status in “eglibc” source package in Jaunty:
Won't Fix
Status in “eglibc” source package in Karmic:
Won't Fix
Bug description:
We've got our ubuntu servers (8.04.1 LTS) authenticating users against
an active directory libpam-krb5 and user account info is gotten via
libnss-ldap and nscd. However, the nscd process keeps growing in
memory image size until it fills the system memory completely. Memory
leak speed seems to correlate to the number of queries against nss.
The AD is Windows 2003 R2, using the R2 provided Identity management
for UNIX (ex-SFU) to provide LDAP attributes. There are about 50 user
objects and a dozen group objects matching the search filters
specified in /etc/ldap.conf, plus the stuff that goes with AD by
default.
On our mail server, which uses nss queries the most and suffers worst
from this problem, the memory usage gets up to 95MB (RES) and 203MB
(VIRT) in 12 hours as observed by top, and exceeds one gigabyte in 3-5
days.
I have tried turning paranoia mode on to restart the service
periodically, but for some reason it does not restart, just quits the
whole process (I don't know whether the paranoia mode is actually
supposed to workin Ubuntu, as it is not mentioned in documentation
provided with Ubuntu release, but it's parameters are in default
config file, so I decided to try).
Just tried to install a fresh Ubuntu 8.04.1 server where I installed
only libnss-ldap, nscd and their requirements, configured it for AD
connection and left idle for the night. nscd memory usage was up to
100MB in the morning when it initially (few minutes after restart) is
about 3.5MB.
*** Release and package info ***
Description: Ubuntu 8.04.1
Release: 8.04
nscd:
Installed: 2.7-10ubuntu4
Candidate: 2.7-10ubuntu4
Version table:
*** 2.7-10ubuntu4 0
500 http://fi.archive.ubuntu.com hardy-updates/universe Packages
100 /var/lib/dpkg/status
2.7-10ubuntu3 0
500 http://fi.archive.ubuntu.com hardy/universe Packages
*** Sanitized /etc/ldap.conf ***
base dc=our,dc=ad,dc=domain
uri ldaps://dc1.our.ad.domain ldaps://dc2.our.ad.domain
ldap_version 3
rootbinddn nsswitch@xxxxxx.DOMAIN
scope sub
pam_password crypt
nss_base_passwd dc=our,dc=ad,dc=domain?sub?&(uidNumber=*)
nss_base_group dc=our,dc=ad,dc=domain?sub?&(gidNumber=*)
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
nss_map_attribute uniqueMember member
pam_login_attribute sAMAccountName
pam_filter objectclass=User
nss_map_attribute userPassword unixUserPassword
ssl on
tls_checkpeer no
sasl_secprops maxssf=0
nss_initgroups_ignoreusers backup,bin,daemon,dhcp,dovecot,ftp,games,gnats,irc,klog,libuuid,list,lp,mail,man,news,ntp,postfix,proftpd,proxy,root,snmp,sshd,sync,sys,syslog,uucp,www-data
*** Password for nsswitch@xxxxxx.DOMAIN in /etc/ldap.secret ***
*** Using default package provided /etc/nscd.conf ***
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/292971/+subscriptions
