Bug#378261: [Pkg-openldap-devel] Bug#378261: slapd fails under heavy
load due to descriptor limit
Quanah Gibson-Mount
quanah at stanford.edu
Thu Sep 28 21:08:43 UTC 2006
--On Thursday, September 28, 2006 1:46 PM -0700 Chris Adams
<cadams at salk.edu> wrote:
>
> On 2006-09-28, at 1:11 PM, Quanah Gibson-Mount wrote:
>> If I change the ulimit to 1024, then it fails at:
>>
>> Sep 28 13:09:59 ldap-test2 slapd[29388]: warning: cannot open /etc/
>> hosts.allow: Too many open files
>> Sep 28 13:09:59 ldap-test2 slapd[29388]: error: bad option name:
>> "171.64.11.148"
>> Sep 28 13:09:59 ldap-test2 slapd[29388]: fd=1023 DENIED from
>> 171.64.11.148 (171.64.11.148)
>>
>> So basically, this is something that can easily be overcome by the
>> user if they need to, and doesn't require any particular compile
>> options on the servers side. I don't really see this as any sort
>> of DoS issue, but a user configuration issue. But that's my 2c.
>
> That's a different error than I get - which is why I don't think it'sa
> tcp wrappers issue. The problem which we see looks like this:
>
> Sep 28 06:30:01 economo slapd[26971]: daemon: 1024 beyond descriptortable
> size 1024
>
> /etc/init.d/slapd has ulimit -n 8192 (at least since January when
> Icustomized it to deal with #340266); it's also in the
> dpkg-defaultversion as well) but slapd will reliably start rejecting
> anythingbeyond the first 1023 connections unless it's built
> withOPENLDAP_FD_SETSIZE set to a higher value.
Hm, that's odd. Because it doesn't do that at all for me. Although I'm
running on a 64-bit platform, so maybe that's why?
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
More information about the Pkg-openldap-devel
mailing list