yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1896125] [NEW] LDAP paging leaks memory

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Lance Bragstad <1896125@xxxxxxxxxxxxxxxxxx>
Date: Thu, 17 Sep 2020 21:12:56 -0000
Reply-to: Bug 1896125 <1896125@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

If you're using page_size [0] and are integrating keystone with an LDAP
server that supports paging (like Active Directory), it's possible to
see keystone memory footprint slowly increase over time.

The problem isn't as noticable with large page sizes (e.g., page_size =
10000). But it's noticable when you use small page sizes (e.g.,
page_size = 5).

I hit this issue using Active Directory with 10,000 users. I set my
page_size to 5 and listed users continuously for an hour. During that
time I noticed keystone's total memory consumption on the host increase
from 5% to 14%.

Additionally, the problem is exacerbated using page_size = 1.

I was unsuccessful in reproducing this issue with FreeIPA, which is
another LDAP implementation that doesn't support paging. Keystone
automatically disables paging if the LDAP server doesn't support it.

It seems there is a memory leak somewhere in keystone's LDAP paging
implementation.

[0] https://docs.openstack.org/keystone/latest/configuration/config-
options.html#ldap.page_size

** Affects: keystone
     Importance: Undecided
         Status: New


** Tags: ldap

** Tags added: ldap

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1896125

Title:
  LDAP paging leaks memory

Status in OpenStack Identity (keystone):
  New

Bug description:
  If you're using page_size [0] and are integrating keystone with an
  LDAP server that supports paging (like Active Directory), it's
  possible to see keystone memory footprint slowly increase over time.

  The problem isn't as noticable with large page sizes (e.g., page_size
  = 10000). But it's noticable when you use small page sizes (e.g.,
  page_size = 5).

  I hit this issue using Active Directory with 10,000 users. I set my
  page_size to 5 and listed users continuously for an hour. During that
  time I noticed keystone's total memory consumption on the host
  increase from 5% to 14%.

  Additionally, the problem is exacerbated using page_size = 1.

  I was unsuccessful in reproducing this issue with FreeIPA, which is
  another LDAP implementation that doesn't support paging. Keystone
  automatically disables paging if the LDAP server doesn't support it.

  It seems there is a memory leak somewhere in keystone's LDAP paging
  implementation.

  [0] https://docs.openstack.org/keystone/latest/configuration/config-
  options.html#ldap.page_size

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1896125/+subscriptions

Follow ups

[Bug 1896125] Re: LDAP paging leaks memory
From: OpenStack Infra, 2020-10-15