nss_ldap, when compiled on an nptl-enabled glibc, has a problem with gethostbyname. See this email from the kernel mailing list for more information: http://www.uwsg.iu.edu/hypermail/linux/kernel/0308.0/1774.html

Set up and configure nss_ldap, then after a while more and more unused connections will appear on the openldap server (can be seen with lsof) without connections listed on the client machine. This finally results in the openldap server being so bogged down it slows to a crawl. Adding an entry into /etc/hosts for the IP address of the machine that is the ldap server will correct the issue.

Reproducible: Always

Steps to Reproduce:

Portage 2.0.50-r7 (default-x86-2004.0, gcc-3.3.2, glibc-2.3.2-r9, 2.6.5-gentoo-r1)
=================================================================
System uname: 2.6.5-gentoo-r1 i686 Pentium III (Coppermine)
Gentoo Base System version 1.4.10
Autoconf: sys-devel/autoconf-2.59-r3
Automake: sys-devel/automake-1.8.3
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O2 -march=pentium3"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=pentium3"
DISTDIR="/clfs/cluster/gentoo/distfiles"
FEATURES="autoaddcvs ccache sandbox"
GENTOO_MIRRORS="ftp://gentoo.ccccom.com ftp://ftp.gtlib.cc.gatech.edu/pub/gentoo http://gentoo.mirrors.pair.com/ http://gentoo.ccccom.com"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://asgard.int.omnis.com/gentoo-portage"
USE="acl apache2 apm arts avi berkdb crypt cups curl encode fam flash foomaticdb gd gdbm gif gpm hardenedphp imagemagick imap imlib jpeg ldap libg++ libwww mad maildir mcal mikmod mmx motif mpeg mysql ncurses nls nptl oci8 oggvorbis opengl oss pam pdflib perl pfpro png python quicktime readline samba sdl slang snmp spell sse ssl svga tcpd truetype x86 xml2 xmms xv zlib"
More information on this issue. Adding the hosts entry just delayed the problem for a while; it still happens after a few hours. Furthermore, after recompiling glibc (and several applications) to remove nptl, the issue still appears, so now I'm not sure where the problem comes from.
Are you using nscd? If not, turn it on. I'll see if I can get a chance to put together an ebuild with the patches for testing only, although I'm wondering why upstream didn't merge them after they said they would.
Yes, running nscd. It doesn't help the problem. It is interesting that even when running nscd, other processes still show connections to ldap (seen via lsof). I'm not sure if this is supposed to happen or not. Programs like ssh, postfix, apache, etc, all show connections to port 389. On this server the only thing LDAP is used for is for user lookups via nss_ldap and authentication via pam_ldap. To keep things stable I've added the option "idletimeout 7200" to the slapd.conf on the server so that it kills off the extra connections.
Also, at this time I believe that nptl was not to blame for the problem, and the problems I was seeing just happened to be the same as in that email on the kernel list. Could it be that the patch was applied to the main tree?
Upgrade to the latest nss_ldap-22[06]. If this is still a problem after that, re-open.