Memory leak when using pam_ldap in long running processes

Bug #1418265 reported by Michael Koziarski
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libpam-ldap (Ubuntu)
New
Medium
Unassigned

Bug Description

We're experiencing fairly significant memory leaks when using pam_ldap when used from nginx. After some preliminary investigation it seems to be similar to the redhat issue 660236:

https://bugzilla.redhat.com/show_bug.cgi?id=660236

The symptoms are substantial amounts of memory being leaked per request when the pam_authenticate call is used. Working from the assumption that this is caused by the loss of memory when dlclose is called I preloaded the pam module by adding the following to /etc/default/nginx

LD_PRELOAD=/lib/x86_64-linux-gnu/security/pam_ldap.so

at that point the leaks stopped immediately.

Revision history for this message
Michael Koziarski (michael-koziarski) wrote :

Version information:

$ lsb_release -rd
Description: Ubuntu 14.04.1 LTS
Release: 14.04

$ aptitude show libpam-ldap
Package: libpam-ldap
State: installed
Automatically installed: yes
Multi-Arch: same
Version: 184-8.5ubuntu3

Revision history for this message
Arthur de Jong (adejong) wrote :

The aptitude output shows that the bug is in libpam-ldap, not in libpam-ldapd (part of nss-pam-ldapd).

affects: nss-pam-ldapd (Ubuntu) → libpam-ldap (Ubuntu)
Revision history for this message
Robie Basak (racb) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better.

I don't see a patch for this issues - it looks like Red Hat just stopped the module from unloading, and your workaround has the same effect.

Setting Importance: Medium as a workaround is available. Thank you for posting your results - hopefully it will be helpful to others.

Changed in libpam-ldap (Ubuntu):
importance: Undecided → Medium
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.