[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#4780) ACL set memory leak

Full_Name: David Hawes
Version: 2.3.30
OS: Debian GNU/Linux 3.1
Submission from: (NULL) (

When using ACL sets, OpenLDAP 2.3.30 steadily uses up all the system memory
before crashing (slapd: ch_malloc.c:57: ch_malloc: Assertion `0' failed).

The system is loaded using SLAMD with 4 clients doing anonymous searches on a
filter file of approximately 300,000 filters (taken from a typical day on a
production server).  SLAMD reports that 2885650 entries are returned in the 30
minutes it takes to use up all available memory (4G).

The instance contains approximately 1 million entries in a bdb backend, and uses
the following simple set of ACLs for this test:

access to dn.base=""
    by * read

access to dn.base="cn=Subschema"
    by * read

access to dn.base="dc=example,dc=com"
    by * read

access to dn.base="ou=People,dc=example,dc=com"
    by * read

access to *
    by set="[string1] & [string2]" read
    by peername.ip=<slamd client ip 1> read
    by peername.ip=<slamd client ip 2> read
    by peername.ip=<slamd client ip 3> read
    by peername.ip=<slamd client ip 4> read
    by * none

Removing the "by set=" clause and running the SLAMD job causes OpenLDAP memory
usage to stabilize.

I notice the same behavior on 2.3.27, but did not notice it with older versions
such as 2.2.26.