Re: Why is slapd opening so many tcp connections?

[Julio Sánchez Fernández <j_sanchez@stl.es>]

Nikhil Datta wrote:

> I am able to successfully login as that user (though the performance seems
> low).

Look for nscd (the Name Service Cache Daemon), nscd-2.1.3-15 should be
on the CD.  Performance improvement will be dramatic.  Finger will never
be fast, but even finger -m will be quick.  Make sure you index cn, uid,
uidnumber, gidnumber and memberuid.

> What I have noticed is that at system boot, with slapd started, netstat
> shows  2 open tcp connections to slapd (on port 389)

Every process that makes a call to any get*by* function for things you
provide from LDAP will open that connection and will keep it open
forever if it can.  That's just the way it is.  Unless you use nscd,
that is.  In the latter case, every nscd thread will open a connection
and processes created after nscd is started will not open new connections.
Well, nscd is not exactly the most stable thing around, but it is worth
installing.

It will only work for users, groups and hosts, though.

> Is there any reason why there should be so many tcp connections open
> simultaneously for a single user? - will this not lead to severe
> performance problems?

It might, the sequential scan of file descriptors after a select is
unavoidable.  But would have to get to a lot of connections (think
thousands) before seeing the impact.

> temporarily removed. Why is netstat unable to resolve the service name?

I have never used LDAP for services.  You should probably take it to the
LDAP NIS list, subscribe by writing to ldap-nis-request@padl.com.

Julio