
Why is slapd opening so many tcp connections?



I've just installed openldap 1.2.9-5, along with nss_ldap-107 on a freshly
formatted RH 6.2 box. Since this is a test machine, and I'm not afraid of
breaking things, I have replaced nsswitch.conf and all the /etc/pam.d
entries with those supplied in /usr/doc/nss*/pam.d.

I have used the online migration scripts to migrate system data to the
ldap database. I also created a single user, which I then removed from
/etc/passwd and /etc/group, leaving entries only in ldap.

I am able to successfully log in as that user (though the performance seems
low).
What I have noticed is that at system boot, with slapd started, netstat
shows 2 open tcp connections to slapd (on port 389).

For every login by the ldap user, at least 4 additional connections
are established and kept open. Also currently (with no users logged in),
the machine has 25 open connections to slapd. There are also a large
number of connections showing 'CLOSE_WAIT'.

Is there any reason why there should be so many tcp connections open
simultaneously for a single user? - will this not lead to severe
performance problems?

Additionally - with the switched /etc/nsswitch.conf, netstat shows entries
in the form:
tcp	0	0 dinky.exocore.com:1431	dinky.exocore.com:389	ESTABLISHED

however, if I shut down slapd, the entries are of the form:

tcp	0	0 dinky.exocore.com:1431	dinky.exocore.com:ldap	ESTABLISHED

apparently the server is not able to resolve port 389 as ldap from the
'services' class in the slapd database. It is only able to resolve the
service name if /etc/services is available. As a test, I wrote a perl
script that does a getservbyport call and returns the name of the service.
The script returns the name of the service correctly even if /etc/services
has been temporarily removed. Why is netstat unable to resolve the service
name?

Sorry for the long post - I'm evaluating ldap for production use and would
like to have a fairly decent understanding before I proceed.
Finally, is there a suite of ldapified client tools (adduser, chfn etc.)
available? From the archives it is apparent that several people have
written such scripts. If you have, could you please mail them to me?

tia

nikk
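A small diagnostic for the symptom described in the post, added here as an example and not part of the original message: it tallies netstat client connections whose peer is the LDAP port by TCP state, accepting both the numeric `389` and the symbolic `ldap` form so the count does not depend on whether netstat could resolve the service name. The netstat lines below are constructed sample input, not output from the poster's machine.

```python
from collections import Counter

# Constructed sample of `netstat -t` output, mixing numeric and symbolic
# service columns as the post describes seeing (not real captured output).
SAMPLE_NETSTAT = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 dinky.exocore.com:1431  dinky.exocore.com:389   ESTABLISHED
tcp        0      0 dinky.exocore.com:1432  dinky.exocore.com:ldap  ESTABLISHED
tcp        0      0 dinky.exocore.com:1401  dinky.exocore.com:389   CLOSE_WAIT
tcp        0      0 dinky.exocore.com:1402  dinky.exocore.com:ldap  CLOSE_WAIT
tcp        0      0 dinky.exocore.com:1403  dinky.exocore.com:389   CLOSE_WAIT
tcp        0      0 dinky.exocore.com:2201  mail.example.com:smtp   ESTABLISHED
"""

# Hard-coded on purpose: the post shows that name resolution for the port
# may or may not be available, so we do not rely on /etc/services here.
LDAP_PORT_NAMES = {"389", "ldap"}


def ldap_connection_summary(netstat_output):
    """Return {tcp_state: count} for connections whose foreign port is LDAP."""
    counts = Counter()
    for line in netstat_output.splitlines():
        fields = line.split()
        # Skip the banner, the header and any non-TCP rows.
        if len(fields) < 6 or fields[0] not in ("tcp", "tcp6"):
            continue
        foreign_addr, state = fields[4], fields[5]
        port = foreign_addr.rsplit(":", 1)[-1]
        if port in LDAP_PORT_NAMES:
            counts[state] += 1
    return dict(counts)


def lingering_close_wait(netstat_output):
    """Number of client sockets slapd has closed that the local side still holds."""
    return ldap_connection_summary(netstat_output).get("CLOSE_WAIT", 0)


if __name__ == "__main__":
    for state, n in sorted(ldap_connection_summary(SAMPLE_NETSTAT).items()):
        print(f"{state:12} {n}")
```

A CLOSE_WAIT entry on the client side means the remote end (slapd) has already closed the connection and the local process has not yet closed its own descriptor, so a steadily growing CLOSE_WAIT count points at the client library holding sockets rather than at the server.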