feedback on ldap improvement in samba 4.11

Gary Lockyer gary at
Tue Nov 19 20:41:42 UTC 2019

Sorry did not word that the way I intended.  I'm reluctant to
automatically re-spawn a new process when it's predecessor was
terminated with a SIGKILL.  It just seems a bit like introducing samba
process "whack a mole" into some poor sysadmins day.

Perhaps with an option to enable restart on SIGKILL and clearly document
the behaviour. Expanding the log messages to clearly explain what's
going on, would also be useful.

So a qualified Yes

Ngā mihi

On 20/11/19 09:25, Andrew Bartlett wrote:
> We can't ignore SIGKILL, which is why the OOM killer uses it.
> What is being asked for is to add SIGKILL to the list of signals
> eligible for a restart in prefork_child_pipe_handler. 
> Andrew Bartlett
> On Wed, 2019-11-20 at 09:10 +1300, Gary Lockyer via samba-technical
> wrote:
>> Yeah still a little reluctant about having processes ignoring
>> but given that we use the control pipes to shut down it should
>> probably
>> be ok.  It's just going to require a bit of thought to make sure
>> things
>> can be shut down.
>> Ngā mihi
>> Gary
>> On 20/11/19 08:53, Andrew Bartlett via samba-technical wrote:
>>> On Wed, 2019-11-13 at 11:24 +0100, Denis Cardon via samba-technical
>>> wrote:
>>>> Hi everyone,
>>>> I just wanted to say how impressed I was with the improvement in
>>>> memory 
>>>> handling in ldap server in samba 4.11 that were announced in the
>>>> changelog.
>>>> I was doing some debug on OOMKiller issues on a Samba-AD 4.9 with
>>>> a 
>>>> large database in production. There are some buggy softwares that
>>>> make 
>>>> queries for all users (the most peculiar one I have seen is a
>>>> print 
>>>> driver...) and Samba 4.9 properly handles the query but allocate
>>>> around 
>>>> 2GiB RAM for the query while the client downloads the result.
>>>> With a 
>>>> handfull of such queries piling up it can quickly run the server
>>>> out
>>>> of 
>>>> memory.
>>>> On the other hand with Samba-4.11 memory is allocated in a much
>>>> more 
>>>> frugal way and it can handle hundred of such buggy queries
>>>> without 
>>>> crashing (it may be slow but it does not crash). So kudos the
>>>> Catalyst 
>>>> dev team for that great piece of work!
>>> Thank you so much!  This work started long, long ago when Simo (at
>>> the
>>> time controversially) made ldb async, so it was really nice to be
>>> able
>>> to finish the job and see the end result finally show in something
>>> so
>>> valuable. 
>>> When we did it, we were not sure that it would help outside our
>>> synthetic benchmarks, so to hear the difference it makes in the
>>> real
>>> world is wonderful!
>>>> About the prefork model, the master ldap process is properly
>>>> restarting 
>>>> the child process after a SIGTERM but it is not restarting after
>>>> a 
>>>> SIGKILL. Is it normal?
>>> I get Gary's view about a manual kill -9 respawing perhaps being
>>> unwanted, but I agree, a re-spawn system that doesn't cope with the
>>> OOM
>>> killer is less than ideal, I would have expected such a process to
>>> be
>>> restarted (perhaps after a bit longer wait). 
>>> Andrew Bartlett

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the samba-technical mailing list