Comment 3 for bug 227178

Anderson (amg1127) wrote : Re: Slave slapd crashes when doing syncrepl

Humm...

I have an OpenLDAP server listening on ldaps:// and ldapi://. Simple and SASL authentication are enabled.

I am trying to run on the same machine another OpenLDAP server listening only on ldap://, but acting as a replica of the existing OpenLDAP server. In this second server, I want to disable simple authentication and enforce stronger SASL mechanisms in order to bind to it. My intention is to use ldap:// to serve NSS_LDAP modules and use ldaps:// to serve PAM_LDAP modules on workstations.

Now, I am using ldaps:// to serve both NSS_LDAP and PAM_LDAP, and if I run 2500 instances of "getent passwd", my LDAP server eats all CPU resources because of the encryption. If I run 2500 instances of "getent passwd" against an ldap:// server, the server uses no more than 5% of CPU resources. Good performance, but using ldap:// in PAM_LDAP raises a security problem in my network.

The file I attached here has the full LDAP base and OpenLDAP configuration I use here. I only moved configuration and databases to my home directory (/home/amg1127) in order to avoid conflict with my existing server. Unfortunately, I couldn't reproduce the bug by using a little base.