[Pkg-openldap-devel] Bug#660917: Bug#660917: Bug#660917: fileno ulimit regression: slapd rejects connections approaching 1024 simultaneous connections

[Steve Langasek]

On Wed, Feb 22, 2012 at 03:55:26PM -0800, Quanah Gibson-Mount wrote:
> --On Wednesday, February 22, 2012 2:36 PM -0800 Chris Hiestand
> <chiestand at salk.edu> wrote:

> >That's all fair enough, I've moved this to wishlist. I would find this
> >patch, or something like it, useful in order to make it easy for admins
> >of heavily-used servers to easily increase the ulimit and not have to
> >maintain a forked init file. Maintaining forks strains my technomage
> >capabilities ;-)

> I would note the only reason this is being hit at all is because
> slapd has been linked to tcpwrappers. I personally frown on such
> linking, as you can do much more sophisticated filtering at the ACL
> level in OpenLDAP, and all it does is create issues such as this
> one.  If you aren't using hosts.{allow,deny} then rebuild w/o the
> tcpwrappers linking, and this problem will disappear entirely.

Chris indicated that this was the *first* limit he hit.  You're still not
going to be able to open 1024 connections to a server with a ulimit of 1024,
whether you link to tcpwrappers or not.  It's not as though tcpwrappers is
leaking fds here or using them gratuitously.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/attachments/20120222/b40f09d2/attachment.pgp>