[Samba] LDAP connection leak?

Wil Cooley wcooley at nakedape.cc
Fri Jan 23 22:09:00 GMT 2004 

I've set up Samba 3 as a PDC/BDC with LDAP.  Yesterday we upgraded from
3.0.1 to 3.0.2rc1, which fixed some client-to-client problems we were
having.  Shortly after midnight this morning the PDC stopped--the
general syslog logs, the LDAP log, and the Samba logs.  The only process
that seems to continue is NTP, which after start-up does nothing NSS or
PAM-related.  This leads me to think slapd is stopping for some reason
and this total system hang is your general LDAP-NSS/PAM death.  nss_ldap
and pam_ldap are configured to fail over to the remote slave LDAP
server, but I just noticed I had the hostname spelled wrong.

It does, however, indicate a potential problem with Samba--smbd seems to
make an inordinate number of connections to slapd and I suspect is
leaking connections.  Here's what slapd started logging, just before
everything came to a halt:

Jan 23 00:07:30 teradactyl slapd[31707]: deferring operation
Jan 23 00:07:37 teradactyl last message repeated 3 times
Jan 23 00:07:37 teradactyl slapd[31707]: daemon: conn=39649 fd=52 connection from IP=127.0.0.1:42976 (IP=0.0.0.0:389) accepted.
Jan 23 00:08:07 teradactyl slapd[31707]: deferring operation
Jan 23 00:08:07 teradactyl slapd[31707]: deferring operation
Jan 23 00:08:07 teradactyl slapd[31707]: daemon: conn=39650 fd=54 connection from IP=127.0.0.1:42983 (IP=0.0.0.0:389) accepted.
Jan 23 00:08:34 teradactyl slapd[31707]: daemon: conn=39651 fd=55 connection from IP=127.0.0.1:42990 (IP=0.0.0.0:389) accepted.
Jan 23 00:08:37 teradactyl slapd[31707]: deferring operation
Jan 23 00:08:37 teradactyl slapd[31707]: deferring operation

The connections started a 0 Jan 19th, at 14:35.  Notice, however, how
high the 'fd=' descriptor is at this point--which leads me to believe
that Samba isn't closing open socket connections.

Wil
-- 
Wil Cooley                                 wcooley at nakedape.cc
Naked Ape Consulting                        http://nakedape.cc
* * * * Linux, UNIX, Networking and Security Solutions * * * *
* Naked Ape Consulting                   http://nakedape.cc  *
* Sophos Anti-Virus Reseller       http://nakedape.cc/r/sav  *
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040123/572e50fd/attachment.bin

More information about the samba mailing list