Humm... I have an OpenLDAP server listening on ldaps:// and ldapi://. Simple and SASL authentication are enabled.

I am trying to run on the same machine another OpenLDAP server listening only on ldap://, but acting as a replica of the existing OpenLDAP server. In this second server, I want to disable simple authentication and enforce stronger SASL mechanisms in order to bind to it. My intention is to use ldap:// to serve NSS_LDAP modules and use ldaps:// to serve PAM_LDAP modules on workstations.

Now, I am using ldaps:// to serve both NSS_LDAP and PAM_LDAP, and if I run 2500 instances of "getent passwd", my LDAP server eats all CPU resources because of the encryption. If I run 2500 instances of "getent passwd" against a ldap:// server, the server uses no more than 5% of CPU resources. Good performance, but using ldap:// in PAM_LDAP raises a security problem in my network.

The file I attached here has the full LDAP base and OpenLDAP configuration I use here. I only moved configuration and databases to my home directory (/home/amg1127) in order to avoid conflict with my existing server. Unfortunately, I couldn't reproduce the bug by using a little base.

--
Slave slapd crashes when doing syncrepl
https://bugs.launchpad.net/bugs/227178