https://bugs.openldap.org/show_bug.cgi?id=10228
Issue ID: 10228
Summary: config LDAP_BACK_CONN_PRIV_MAX to higher value
Product: OpenLDAP
Version: 2.5.16
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs@openldap.org
Reporter: shaosong.li@salesforce.com
Target Milestone: ---
Hi,
LDAP_BACK_CONN_PRIV_MAX parameter is set to 256 by below config,
https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_5/serve...
Can we set this value to a higher value, such as 7k/10k, which is commonly used in PingDirectory? Any reason that we set this value to a low value like 256? Thanks.
--- Comment #1 from Howard Chu hyc@openldap.org ---
(In reply to shaosong.li from comment #0)
> Hi,
> LDAP_BACK_CONN_PRIV_MAX parameter is set to 256 by below config,
> https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_5/servers/slapd/back-ldap/back-ldap.h#L396
> Can we set this value to a higher value, such as 7k/10k, which is commonly used in PingDirectory? Any reason that we set this value to a low value like 256? Thanks.

Why do you need more than 256 concurrent superuser connections?
--- Comment #2 from shaosong.li@salesforce.com ---
When we are doing testing with symas-openldap V2.5.16, we have the err=52 when our traffic is high, about 100k per minute. It seems the requests are waiting in the queue since the max connection is limited to 256. We are using PingDirectory Service now, which has the max connection pool set to 7k and we don't have the issue there.
So we are wondering if we could increase the conn_pool_max to a higher number such as 5k to see if we can resolve this issue.
Thanks.
openldap-its@openldap.org wrote:
> https://bugs.openldap.org/show_bug.cgi?id=10228
> --- Comment #2 from shaosong.li@salesforce.com ---
> When we are doing testing with symas-openldap V2.5.16, we have the err=52 when our traffic is high, about 100k per minute. It seems the requests are waiting in the queue since the max connection is limited to 256.

That is not what this parameter controls. I asked you very specifically - why do you need more than 256 concurrent *superuser* connections? This limit doesn't affect regular user connections.

> We are using PingDirectory Service now, which has the max connection pool set to 7k and we don't have the issue there.

There is no connection pool size limit for regular connections in back-ldap.

> So we are wondering if we could increase the conn_pool_max to a higher number such as 5k to see if we can resolve this issue.

No.

Make sure your nfiles ulimit is high enough.

There is nothing to fix here, closing this ITS.
Howard Chu hyc@openldap.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |INVALID
--- Comment #3 from shaosong.li@salesforce.com ---
why this issue is marked as resolved and invalid?
--- Comment #4 from Howard Chu hyc@openldap.org ---
(In reply to shaosong.li from comment #3)
> why this issue is marked as resolved and invalid?

> --- Comment #2 from shaosong.li@salesforce.com ---
> When we are doing testing with symas-openldap V2.5.16, we have the err=52 when our traffic is high, about 100k per minute. It seems the requests are waiting in the queue since the max connection is limited to 256.

That is not what this parameter controls. I asked you very specifically - why do you need more than 256 concurrent *superuser* connections? This limit doesn't affect regular user connections.

> We are using PingDirectory Service now, which has the max connection pool set to 7k and we don't have the issue there.

There is no connection pool size limit for regular connections in back-ldap.

> So we are wondering if we could increase the conn_pool_max to a higher number such as 5k to see if we can resolve this issue.

No.

Make sure your nfiles ulimit is high enough.

There is nothing to fix here, closing this ITS.
--- Comment #5 from shaosong.li@salesforce.com ---
Thanks,
The nfiles ulimit is set to 500000 for openldap service now.

cat /usr/lib/systemd/system/slapd.service
# replace at path /usr/lib/systemd/system/slapd.service
[Unit]
Description=Symas OpenLDAP Server Daemon
After=network-online.target
Documentation=man:slapd
Documentation=man:slapd-config
Documentation=man:slapd-mdb

[Service]
Type=notify
LimitNOFILE=500000
Environment="SLAPD_URLS=ldaps://0.0.0.0:9443/ ldapi:///" "SLAPD_OPTIONS="
EnvironmentFile=-/etc/default/symas-openldap
ExecStart=/opt/symas/lib/slapd -d 0 -h ${SLAPD_URLS} $SLAPD_OPTIONS
Restart=always

ulimit -n 524288
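
The descriptor-limit check advised in this thread, as an added example that is not part of the thread or of OpenLDAP: it reads the "Max open files" row that the kernel reports for a running process in /proc/<pid>/limits, which is the limit the daemon actually has regardless of what a login shell reports. The function names, the sample limits text and the descriptor counts passed to `check_nofile` are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the open-file limit of a running process.

# Constructed sample in /proc/<pid>/limits format (not taken from the thread).
# The soft limit is deliberately low to show the failing case.
sample_limits() {
    cat <<'EOF'
Limit                     Soft Limit           Hard Limit           Units
Max processes             63450                63450                processes
Max open files            1024                 524288               files
Max locked memory         8388608              8388608              bytes
EOF
}

# Both helpers read limits text on stdin.
# Row layout: "Max open files <soft> <hard> files" -> fields 4 and 5.
nofile_soft() { awk '/^Max open files/ { print $4 }'; }
nofile_hard() { awk '/^Max open files/ { print $5 }'; }

# check_nofile NEEDED
# Reads limits text on stdin, prints a one-line verdict and returns 0 when
# the soft limit covers NEEDED descriptors (an operator-supplied estimate).
check_nofile() {
    needed=$1
    limits=$(cat)
    soft=$(printf '%s\n' "$limits" | nofile_soft)
    hard=$(printf '%s\n' "$limits" | nofile_hard)
    if [ "$soft" = "unlimited" ] || [ "$soft" -ge "$needed" ] 2>/dev/null; then
        echo "ok soft=$soft hard=$hard needed=$needed"
        return 0
    fi
    # Also reached when the row is missing and soft is empty.
    echo "low soft=$soft hard=$hard needed=$needed"
    return 1
}

# On a live Linux host:
#   check_nofile 20000 < "/proc/$(pidof slapd)/limits"
# Descriptors currently in use by the process:
#   ls "/proc/$(pidof slapd)/fd" | wc -l
```

The soft limit is the one enforced on the process; a high hard limit alone does not help unless the service raises its soft limit to match.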
Quanah Gibson-Mount quanah@openldap.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|needs_review                |
             Status|RESOLVED                    |VERIFIED