[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP 2.4.45 possible denial of service vulnerability?

To: Geert Hendrickx <geert@hendrickx.be>
Subject: Re: OpenLDAP 2.4.45 possible denial of service vulnerability?
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Thu, 07 Feb 2019 11:10:45 -0800
Cc: openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <20190206134235.GA29414@vera.ghen.be>
References: <88b17ef74a674a3ab355d93abf9d6c93@swisscom.com> <179C58375D6C224407F92BB5@[192.168.1.39]> <20190206134235.GA29414@vera.ghen.be>

--On Wednesday, February 06, 2019 2:42 PM +0100 Geert Hendrickx<geert@hendrickx.be> wrote:

On Wed, Jan 30, 2019 at 06:53:02 -0800, Quanah Gibson-Mount wrote:

A tool-threads setting > 2 is ignored with back-mdb.



Interesting, it seems this is not docmented?

I documented it for Zimbra at<https://wiki.zimbra.com/wiki/OpenLDAP_Tuning_Keys_8.0>

It probably should be noted in slapd.conf(5)/slapd-config(5) man pages.With back-mdb, any setting above 2 is simply converted to 2. This was dueto the fact that extensive testing I did several years back found that thegreater the number of tools threads (past 2), the slower the import.


--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

References:
- Re: OpenLDAP 2.4.45 possible denial of service vulnerability?
  - From: Geert Hendrickx <geert@hendrickx.be>

Prev by Date: Re: Locking down ciphers in OpenLDAP with GnuTLS
Next by Date: [Q] RFC2307bis2 "An Approach for Using LDAP as a Network Information Service"
Index(es):
- Chronological
- Thread