[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Protecting a slapd Server from Excessive Client Queries

Kurt D. Zeilenga wrote:
At 11:27 AM 2/7/2006, Ramseyer, Ken wrote:
Can OpenLDAP (slapd) be protected from a runaway client process that
repeatedly calls ldap_search thousands of times a second?

IIRC, slapd(8) will attempt to prevent a single connection to consume more than half thread pool. Of course, client which consumes half the thread pool for even short periods of time can adversely affect service to other clients.

Beyond this, no other slapd(8) features come to mind.
And of course, a moderately powerful machine can easily service thousands of searches per second. So the other question is,
what are you really trying to protect against?

 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/