Bug#378261: [Pkg-openldap-devel] Bug#378261: slapd fails under heavy
load due to descriptor limit
Chris Adams
cadams at salk.edu
Thu Sep 28 20:46:10 UTC 2006
On 2006-09-28, at 1:11 PM, Quanah Gibson-Mount wrote:
> If I change the ulimit to 1024, then it fails at:
>
> Sep 28 13:09:59 ldap-test2 slapd[29388]: warning: cannot open /etc/
> hosts.allow: Too many open files
> Sep 28 13:09:59 ldap-test2 slapd[29388]: error: bad option name:
> "171.64.11.148"
> Sep 28 13:09:59 ldap-test2 slapd[29388]: fd=1023 DENIED from
> 171.64.11.148 (171.64.11.148)
>
> So basically, this is something that can easily be overcome by the
> user if they need to, and doesn't require any particular compile
> options on the servers side. I don't really see this as any sort
> of DoS issue, but a user configuration issue. But that's my 2c.
That's a different error than I get - which is why I don't think it's
a tcp wrappers issue. The problem which we see looks like this:
Sep 28 06:30:01 economo slapd[26971]: daemon: 1024 beyond descriptor
table size 1024
/etc/init.d/slapd has ulimit -n 8192 (at least since January when I
customized it to deal with #340266); it's also in the dpkg-default
version as well) but slapd will reliably start rejecting anything
beyond the first 1023 connections unless it's built with
OPENLDAP_FD_SETSIZE set to a higher value.
Chris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2359 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/attachments/20060928/10f0931d/smime.bin
More information about the Pkg-openldap-devel
mailing list