Security Services Pack 2.0.5 (NMAS 3.2.0) Memory Leak

Summary

The problem is when syncing a large number of objects between trees via
an eDirectory to eDirectory Driver 3.5.1 on the following platform:

SLES 10 SP1
eDir 8.7.3.9
Security Services Pack 2.0.5 or 2.0.4

Symptoms

You recieve the following error after around 8,000 to 10,000 opjects
migrated or synchronised on the Trace Screen (Note the NMAS error as
well, NMAS was added to the trace in addition to the DirXML)

The following excert is from a level 0 trace with NMAS enabled trace,
this is point where the driver goes from success to error:

14:54:45 96387BA0 NMAS: Successful get distribution password for
10028160.STUDENTS.LDAP
14:54:45 96387BA0 NMAS: Successful get distribution password for
10028160.STUDENTS.LDAP
14:54:45 96387BA0 Drvrs: eDirectory LDAP-IDV Driver PT: DirXML Log Event
-------------------
Driver: LDAPTREELDAPServicesLDAP 351 Driver SeteDirectory LDAP-IDV
Driver
Channel: Publisher
Object: IDVAULTBICC_ORGSTUDENTS10028160 (LDAPSTUDENTS10028160)
Status: Success
14:54:45 96387BA0 NMAS: Successful get distribution password for
10087552.STUDENTS.LDAP
14:54:45 96387BA0 NMAS: ERROR: -253
createDALSession:createPwdPolcContext 14:54:45 96387BA0 NMAS: ERROR:
-253 createDALSession:createPwdPolcContext 14:54:45 96387BA0 Drvrs:
eDirectory LDAP-IDV Driver PT: DirXML Log Event -------------------
Driver: LDAPTREELDAPServicesLDAP 351 Driver SeteDirectory LDAP-IDV
Driver
Channel: Publisher
Object: IDVAULTBICC_ORGSTUDENTS10087552 (LDAPSTUDENTS10087552)
Status: Error
Message: Code(-9010) An exception occurred: novell.jclient.JCException:
generateKeyPair -253 DSERR_BAD_STATION_NUMBER


After the error occurs, the driver keeps processing each user but you
can no longer login to edirectory and the only way to restore operation
is to restart the ndsd, Upon restart the driver continues to work fine
again until it happens again.

Cause

After investigation NMAS 3.2.0 was causing memory leaks when setting the
Universal Password for each user.

Solution

The fix for this is to install a later
version of NMAS, version 3.2.0.1 FTF, which is a field test fix and can
be found at the following address.

http://download.novell.com/Download?buildid=x3Lxb4kjBiw~

Status

After the patch was applied to all servers, 20,000 users were
succesfully sync'd.

References

http://download.novell.com/Download?buildid=x3Lxb4kjBiw~

THE INFORMATION IN THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS WITHOUT WARRANTY OF ANY KIND. PROVIDER SPECIFICALLY DISCLAIMS ANY OTHER WARRANTY, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL PROVIDER BE LIABLE FOR ANY CONSEQUENTIAL, INDIRECT, SPECIAL OR INCIDENTAL DAMAGES, EVEN IF PROVIDER HAS BEEN ADVISED BY USER OF THE POSSIBILITY OF SUCH POTENTIAL LOSS OR DAMAGE. USER AGREES TO HOLD PROVIDER HARMLESS FROM AND AGAINST ANY AND ALL CLAIMS, LOSSES, LIABILITIES AND EXPENSES.

Document ID: SKB0514
Published on: 30 Jun 2008