On Fri, Mar 12, 2010 at 7:10 AM, Aaron Richton richton@nbcs.rutgers.edu wrote:

On Wed, 10 Mar 2010, Klemens Kittan wrote:

Mar 1 14:45:15 ldap1 slapd[25320]: warning: /etc/hosts.allow, line 19: cannot open /etc/hosts.allow: Too many open files

cat /proc/sys/fs/file-max: 203609
cat /proc/<slapd pid>/limits: Max open files 4096 4096 files

Sounds like you're mostly on the right track, but I didn't hear mention of compiling with a suitable OPENLDAP_FD_SETSIZE. Are your CPPFLAGS set accordingly?
Klemens,
A few weeks ago I had a similar issue; I found this thread very useful: http://www.sunmanagers.org/pipermail/summaries/2005-March/006226.html but in the end the issue seemed to come from the avahi daemon. I'm not familiar with avahi but the config had:
[rlimits]
#rlimit-as=
rlimit-core=0
rlimit-data=4194304
rlimit-fsize=0
rlimit-nofile=30
rlimit-stack=4194304
rlimit-nproc=3
The machine restarted and started avahi (it was stopped before but not disabled) and when ldap started to get some connections I received the same output:

Feb 18 00:49:05 ldap01 slapd[3704]: warning: cannot open /etc/hosts.deny: Too many open files
I looked at that thread. They recommend exactly the things I tried already, e.g. setting ulimit in the startup script. I checked that with cat /proc/<slapd pid>/limits. Nevertheless the LDAP stopped responding after 1024 open connections. I didn't change "idletimeout" in slapd.conf for I found the following in the LDAP documentation (and we use syncrepl):
"... Caution: This is a server wide value so that all bind connections are affected by it. If this server is either a replication consumer (using the syncrepl directive with a type value of refreshAndPersist) or a provider (using the overlay syncprov directive with a one of more consumers with a type of refreshAndPersist) then it is highly likely that these links will remain idle for prolonged periods of time. Extreme caution should be used when defining the idletimeout directive in either of these conditions because the net effect may be to change such replication connections into type refreshOnly which may not be a welcome side effect..."
On my systems the avahi daemon is not installed.
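
Added example, not part of the original thread: a shell check that compares a process's open descriptor count with both its soft "Max open files" limit and a compile-time FD_SETSIZE ceiling, which is the combination the thread describes (a 4096 limit, yet a stall at 1024 connections). The function names, the 90% warning threshold and the assumed FD_SETSIZE of 1024 (glibc's default) are assumptions, and the sample limits text is constructed from the values quoted above.

```shell
#!/bin/sh
# Added example: is a daemon close to running out of file descriptors?
# Assumption: the daemon is bound by a compile-time FD_SETSIZE (glibc's
# default is 1024) as well as by its RLIMIT_NOFILE soft limit.
FD_SETSIZE_ASSUMED=1024

# Constructed sample in /proc/<pid>/limits layout, values from the thread.
sample_limits() {
    cat <<'EOF'
Limit                     Soft Limit           Hard Limit           Units
Max processes             unlimited            unlimited            processes
Max open files            4096                 4096                 files
EOF
}

# Read limits text on stdin, print the soft "Max open files" value.
soft_nofile() {
    awk '/^Max open files/ { print $4 }'
}

# Count descriptors currently open in PID (needs root or the same user).
open_fds() {
    ls "/proc/$1/fd" 2>/dev/null | wc -l | tr -d ' '
}

# Print the smaller of the soft limit and the FD_SETSIZE ceiling.
effective_ceiling() {
    if [ "$1" = unlimited ] || [ "$1" -gt "$2" ]; then echo "$2"; else echo "$1"; fi
}

# fd_status OPEN SOFT SETSIZE -> "OK|NEAR|EXHAUSTED ceiling=N"
fd_status() {
    ceiling=$(effective_ceiling "$2" "$3")
    if [ "$1" -ge "$ceiling" ]; then state=EXHAUSTED
    elif [ "$1" -ge $((ceiling * 9 / 10)) ]; then state=NEAR
    else state=OK; fi
    echo "$state ceiling=$ceiling"
}

if [ -n "${1:-}" ]; then   # live check: pass the daemon's PID as $1
    fd_status "$(open_fds "$1")" "$(soft_nofile < "/proc/$1/limits")" "$FD_SETSIZE_ASSUMED"
else                       # offline demo on the constructed sample
    fd_status 1024 "$(sample_limits | soft_nofile)" "$FD_SETSIZE_ASSUMED"
fi
```

Run without arguments it evaluates the constructed sample; run with a PID it reads that process's entries under /proc.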