RE: 1024 fd limit ?

> Hello.
> I've a problem which is not directly OPENLDAP related, but I don't know
> how to fix this properly.
> We have 3 openLdap Servers : One master, 2 slaves. (all under linux
> 2.2, openldap 2.0.7, NOT THREADED (cause we had strange crash with
> threads))
> And a bunch (several hundred) of clients doing authentication & nss
> against the 2 slaves (using libnss-ldap)
> the problem we have is that our 2 slaves hit more or less often the
> 1024 open file descriptor limit. (we were quite surprised that any
> client process uses a distinctive socket to the LDAP server)

Sounds like libnss-ldap opens a connection per invocation, or something
similar. Since nss is a system-wide service, perhaps it should only open
a single connection per client machine. Failing that, set up an LDAP proxy
on every client machine that will accept requests on multiple connections
and forward them thru a single connection to the main servers.

Unfortunately, the back-ldap proxy in slapd is not written to behave this
way, but you could change it...

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc