Problem Note 54709: A SASĀ® Metadata Server that is configured for Direct Lightweight Directory Access Protocol (LDAP) generates an "Insufficient memory" error
 |  |  |  |  |
A SAS® Metadata Server that is configured for Direct LDAP authentication over SSL/TLS (LDAPS) might stop responding. When this problem occurs, the SAS Metadata server log contains an insufficient memory message, as illustrated by the following sample log output.
2014-11-24T03:16:04,342 INFO [00614445] 376059:sas - Client connection 376059 for user sasdemo@sasbi.com closed. 2014-11-24T03:17:04,924 INFO [00614473] :sasdemo@sasbi.com - New client connection (375977) accepted from server port 8561 for user sasdemo@sasbi.com. Encryption level is Credentials using encryption algorithm SASPROPRIETARY. Peer IP address and port are [::ffff:10.104.124.12]:55562. 2014-11-24T03:17:04,934 INFO [00614478] 375977:sasdemo@sasbi.com - Status return code=803fc002.... 2014-11-24T03:17:04,940 ERROR [00614478] 375977:sasdemo@sasbi.com - Insufficient memory 2014-11-24T03:17:57,226 INFO [00614500] 13:sasadm@saspw - GetMetadataObjects return code=803fc002.... 2014-11-24T03:17:57,226 ERROR [00614500] 13:sasadm@saspw - Insufficient memory 2014-11-24T03:18:16,295 ERROR [00614510] :sas - OpenSSL error 218906689 occurred in function SSL_CTX_load_verify_locations at line 2670, the error message is error:0D0C4041:asn1 encoding routines:c2i_ASN1_OBJECT:malloc failure. 2014-11-24T03:18:16,296 WARN [00614510] :sas - New client connection (376686) rejected from server port 8561 for user sasdemo. Peer IP address and port are [::ffff:10.104.124.12]:54355. 2014-11-24T03:18:16,296 INFO [00614510] :sas - Client connection 376686 closed. 2014-11-24T03:18:57,301 INFO [00614527] 13:sasadm@saspw - GetMetadataObjects return code=803fc002.... 2014-11-24T03:18:57,301 ERROR [00614527] 13:sasadm@saspw - Insufficient memory 2014-11-24T03:19:22,051 ERROR [00614539] :sas - OpenSSL error 117850177 occurred in function SSL_CTX_load_verify_locations at line 2670, the error message is error:07064041:memory buffer routines:BUF_MEM_grow:malloc failure. 2014-11-24T03:19:22,051 WARN [00614539] :sas - New client connection (376185) rejected from server port 8561 for user sasdemo. Peer IP address and port are [::ffff:10.104.124.12]:46625.
The insufficient memory condition is produced by a memory leak when you use an SSL/TLS connection to the LDAP server. The time it takes to encounter the error depends on the number of authentications and the total amount of memory available to the SAS Metadata server process.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Metadata Server | 64-bit Enabled AIX | 9.3 | 9.4_M3 | 9.3 TS1M0 | 9.4 TS1M3 |
| 64-bit Enabled HP-UX | 9.3 | 9.4_M3 | 9.3 TS1M0 | 9.4 TS1M3 | ||
| 64-bit Enabled Solaris | 9.3 | 9.4_M3 | 9.3 TS1M0 | 9.4 TS1M3 | ||
| HP-UX IPF | 9.3 | 9.4_M3 | 9.3 TS1M0 | 9.4 TS1M3 | ||
| Linux | 9.3 | 9.4_M3 | 9.3 TS1M0 | 9.4 TS1M3 | ||
| Linux for x64 | 9.3 | 9.4_M3 | 9.3 TS1M0 | 9.4 TS1M3 | ||
| Solaris for x64 | 9.3 | 9.4_M3 | 9.3 TS1M0 | 9.4 TS1M3 | ||
A fix for this issue for SAS Threaded Kernel Core Routines 9.3_M2 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/I29.html#54709| Type: | Problem Note |
| Priority: | high |
| Topic: | System Administration ==> Security ==> Authentication |
| Date Modified: | 2014-12-02 09:17:20 |
| Date Created: | 2014-11-24 15:14:32 |