Public bug reported: We've got our ubuntu servers (8.04.1 LTS) authenticating users against an active directory libpam-krb5 and user account info is gotten via libnss-ldap and nscd. However, the nscd process keeps growing in memory image size until it fills the system memory completely. Memory leak speed seems to correlate to the number of queries against nss.
The AD is Windows 2003 R2, using the R2 provided Identity management for UNIX (ex-SFU) to provide LDAP attributes. There are about 50 user objects and a dozen group objects matching the search filters specified in /etc/ldap.conf, plus the stuff that goes with AD by default. On our mail server, which uses nss queries the most and suffers worst from this problem, the memory usage gets up to 95MB (RES) and 203MB (VIRT) in 12 hours as observed by top, and exceeds one gigabyte in 3-5 days. I have tried turning paranoia mode on to restart the service periodically, but for some reason it does not restart, just quits the whole process (I don't know whether the paranoia mode is actually supposed to workin Ubuntu, as it is not mentioned in documentation provided with Ubuntu release, but it's parameters are in default config file, so I decided to try). Just tried to install a fresh Ubuntu 8.04.1 server where I installed only libnss-ldap, nscd and their requirements, configured it for AD connection and left idle for the night. nscd memory usage was up to 100MB in the morning when it initially (few minutes after restart) is about 3.5MB. *** Release and package info *** Description: Ubuntu 8.04.1 Release: 8.04 nscd: Installed: 2.7-10ubuntu4 Candidate: 2.7-10ubuntu4 Version table: *** 2.7-10ubuntu4 0 500 http://fi.archive.ubuntu.com hardy-updates/universe Packages 100 /var/lib/dpkg/status 2.7-10ubuntu3 0 500 http://fi.archive.ubuntu.com hardy/universe Packages *** Sanitized /etc/ldap.conf *** base dc=our,dc=ad,dc=domain uri ldaps://dc1.our.ad.domain ldaps://dc2.our.ad.domain ldap_version 3 rootbinddn [EMAIL PROTECTED] scope sub pam_password crypt nss_base_passwd dc=our,dc=ad,dc=domain?sub?&(uidNumber=*) nss_base_group dc=our,dc=ad,dc=domain?sub?&(gidNumber=*) nss_map_objectclass posixAccount user nss_map_objectclass shadowAccount user nss_map_attribute uid sAMAccountName nss_map_attribute homeDirectory unixHomeDirectory nss_map_attribute shadowLastChange pwdLastSet nss_map_objectclass posixGroup group nss_map_attribute uniqueMember member pam_login_attribute sAMAccountName pam_filter objectclass=User nss_map_attribute userPassword unixUserPassword ssl on tls_checkpeer no sasl_secprops maxssf=0 nss_initgroups_ignoreusers backup,bin,daemon,dhcp,dovecot,ftp,games,gnats,irc,klog,libuuid,list,lp,mail,man,news,ntp,postfix,proftpd,proxy,root,snmp,sshd,sync,sys,syslog,uucp,www-data *** Password for [EMAIL PROTECTED] in /etc/ldap.secret *** *** Using default package provided /etc/nscd.conf *** ** Affects: glibc (Ubuntu) Importance: Undecided Status: New ** Tags: libnss-ldap memory nscd -- nscd leaking memory using libnss-ldap https://bugs.launchpad.net/bugs/292971 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs