> Does this happen only with client activity, or does it also happen
> when the server is dormant? If the server is being actively used by
> clients, what's the rate of connects/disconnects?
I made some tests, and it seems that it happens with client activity.
If I run the same ldapsearch command in a loop, slapd memory usage
(as reported by ps) goes up by about 1 byte per command. For example,
I run it 1000 times, resident goes up by about 1000 bytes (sometimes 980
or so); virtual also goes up, sometimes 1400, sometimes 500, sometimes
something in between. (If I don't do such a test, slapd memory usage
can stay the same for a minute or so, probably because client activity
is normally very little.)
I attach my slapd.conf.
I will also take a look into valgrind, never used it.
# Loading of backend modules - automatically generated
modulepath /usr/lib/ldap
moduleload back_bdb
# This is the main ldapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
#schemacheck on
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
replogfile /var/lib/ldap/replog
loglevel 0
#######################################################################
# ldbm database definitions
#######################################################################
database bdb
suffix "dc=itia,dc=ntua,dc=gr"
rootdn "uid=admin,dc=itia,dc=ntua,dc=gr"
rootpw ##################
directory "/var/lib/ldap"
index uid eq
index cn eq
index gn,mail eq,sub
index sn eq,sub
index ou eq
index default eq,sub
index objectClass eq
lastmod on
# Security policy: admin can do anything at all; userPassword can be
# read or written by self only; all other attributes readable by all,
# writeable by self. Anonymous access not allowed.
access to attrs=userPassword
by anonymous auth
by self write
by * none
# This is needed for Samba to be able to make group mappings
access to attrs=objectClass
by dn="uid=samba,ou=daemons,dc=itia,dc=ntua,dc=gr" write
by anonymous none
by users read
access to attrs=sambaLMPassword,sambaNTPassword
by dn="uid=samba,ou=daemons,dc=itia,dc=ntua,dc=gr" write
by self write
by * auth
access to
attrs=sambaPwdLastSet,sambaLogonTime,sambaLogoffTime,sambaKickoffTime,sambaPwdCanChange,sambaPwdMustChange,sambaAcctFlags,displayName,sambaHomePath,sambaHomeDrive,sambaLogonScript,sambaProfilePath,description,sambaUserWorkstations,sambaPrimaryGroupSID,sambaDomainName,sambaMungedDial,sambaBadPasswordCount,sambaBadPasswordTime,sambaPasswordHistory,sambaLogonHours,sambaSID,sambaSIDList,sambaTrustFlags,sambaGroupType,sambaNextRid,sambaNextGroupRid,sambaNextUserRid,sambaAlgorithmicRidBase,sambaShareName,sambaOptionName,sambaBoolOption,sambaIntegerOption,sambaStringOption,sambaStringListoption
by dn="uid=samba,ou=daemons,dc=itia,dc=ntua,dc=gr" write
by self write
by * none
access to dn="sambaDomainName=ITIA,dc=itia,dc=ntua,dc=gr" attrs=entry
by dn="uid=samba,ou=daemons,dc=itia,dc=ntua,dc=gr" write
by * none
access to dn="dc=itia,dc=ntua,dc=gr" attrs=children
by dn="uid=samba,ou=daemons,dc=itia,dc=ntua,dc=gr" write
by * none
access to dn="ou=groups,dc=itia,dc=ntua,dc=gr" attrs=children
by dn="uid=samba,ou=daemons,dc=itia,dc=ntua,dc=gr" write
by * none
access to *
by anonymous none
by users read
#TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /etc/ssl/certs/ca-certificates.crt
TLSCertificateFile /etc/ssl/certs/itia.ntua.gr.pem
TLSCertificateKeyFile /etc/ssl/private/itia.ntua.gr.pem
TLSVerifyClient allow
