Hi!
Too bad: I also noticed that syncrepl RefreshAndPersist connections are not shown in the connection monitor (or I was unable to find those).
Kind regards, Ulrich Windl
-----Original Message-----
From: Bergmann, Clemens clemens.bergmann@tu-darmstadt.de
Sent: Thursday, July 3, 2025 3:50 PM
To: Windl, Ulrich u.windl@ukr.de; openldap-technical@openldap.org
Subject: [EXT] AW: many connections in proxy setup
Hi Ulrich,
thanks for the suggestion. In netstat/lsof I see that most of the connections (~900 of the ~1000 open connections) are to the proxy "target" servers. I can also see the other end of these connections in netstat/lsof on the "target" server. In cn=Connections,cn=Monitor I only see the ~100 client connections, which seems about right.
Kind regards, Clemens (Bergmann)
-- Clemens Bergmann [er/ihm; he/him] Gruppe Nutzermanagement und Entwicklung Technische Universität Darmstadt Hochschulrechenzentrum, Alexanderstraße 2, 64283 Darmstadt Tel. +49 6151 16 71184 http://www.hrz.tu-darmstadt.de/
-----Original Message-----
From: Windl, Ulrich u.windl@ukr.de
Sent: Thursday, July 3, 2025 08:55
To: Bergmann, Clemens clemens.bergmann@tu-darmstadt.de; openldap-technical@openldap.org
Subject: RE: many connections in proxy setup
Suggestion: examine the connections you have, either with “netstat” or in the monitoring connection database.
Maybe you get an idea what kind of connections you have.
Kind regards,
Ulrich Windl
From: Bergmann, Clemens clemens.bergmann@tu-darmstadt.de
Sent: Tuesday, July 1, 2025 3:48 PM
To: openldap-technical@openldap.org
Subject: [EXT] many connections in proxy setup
Hi,
we have two openLDAP Servers configured with back_ldap. Each server has one non-OpenLDAP-Server as “target”.
I pasted a redacted copy of my configuration below.
At any given time we have around 100 connections from clients to the openLDAP Server. I noticed that there are a lot more connections open from the ldap Server to the “target” Servers. Sometimes close to 1000. As this is a temporary setup I did not investigate any more. In the last days we sometimes see the following errors in log:
“daemon: accept(10) failed errno=24 (Too many open files)”
“connection_input: conn=1799 deferring operation: too many executing”
“connection_read(446): no connection!”
I suspect that this is because there are more than 1024 connections open and the OS is preventing opening more FDs.
I am not sure why we have so many open connections to the “target” servers.
Maybe someone can spot my config error.
Thanks in advance.
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/lib/openldap/slapd.args
olcIdleTimeout: 15
olcLocalSSF: 256
olcLogLevel: none
olcPidFile: /var/lib/openldap/slapd.pid
olcRootDSE: /etc/openldap/rootDSE.ldif
olcSaslSecProps: noplain,noanonymous
olcSecurity: simple_bind=256 ssf=256 tls=0
olcTLSCACertificateFile: /etc/ssl/certs/ca-bundle.crt
olcTLSCertificateFile: /etc/openldap/certs/server.pem
olcTLSCertificateKeyFile: /etc/openldap/certs/server.key
olcTLSCipherSuite: DEFAULT:-SHA1:-CBC
olcTLSDHParamFile: /etc/openldap/dhparam.pem
olcTLSProtocolMin: 3.3

dn: olcDatabase={2}ldap,cn=config
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: {2}ldap
olcAccess: redacted
olcDbACLBind: bindmethod=simple binddn=cn=proxy,ou=admin,o=tu-darmstadt credentials=redacted tls_cacert=/etc/ssl/certs/ca-bundle.crt
olcDbStartTLS: ldaps tls_cacert=/etc/ssl/certs/ca-bundle.crt
olcDbURI: ldaps://backend-server01.example.com/
olcRootDN: cn=admin,ou=admin,o=tu-darmstadt
olcSizeLimit: unlimited
olcSuffix: o=tu-darmstadt
olcTimeLimit: 90
Kind regards
Clemens (Bergmann)
--
Clemens Bergmann
[er/ihm; he/him]
Gruppe Nutzermanagement und Entwicklung
Technische Universität Darmstadt
Hochschulrechenzentrum, Alexanderstraße 2, 64283 Darmstadt
Tel. +49 6151 16 71184
http://www.hrz.tu-darmstadt.de/
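
Added example, not part of the original thread: one way to do the netstat-style check discussed above, splitting a proxy's TCP sockets into client-facing and target-facing connections and comparing the total with the 1024 descriptor limit the original post suspects. The sample lines are constructed in `ss -tn` column layout with documentation addresses; the listener ports (389/636) and the function names are assumptions.

```python
from collections import Counter

# Constructed sample in `ss -tn` column layout (not real output from the thread).
SAMPLE = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.0.2.10:636 198.51.100.7:51514
ESTAB 0 0 192.0.2.10:636 198.51.100.8:40022
ESTAB 0 0 192.0.2.10:41000 203.0.113.20:636
ESTAB 0 0 192.0.2.10:41002 203.0.113.20:636
ESTAB 0 0 192.0.2.10:41004 203.0.113.20:636
CLOSE-WAIT 0 0 192.0.2.10:41006 203.0.113.20:636
"""

# Assumption: the proxy's slapd listens on the standard LDAP/LDAPS ports.
LISTEN_PORTS = {"389", "636"}


def classify(ss_output, listen_ports=LISTEN_PORTS):
    """Count sockets by direction: inbound per state, outbound per (peer, state)."""
    inbound, outbound = Counter(), Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue  # skip header and blank lines
        state, local, peer = fields[0], fields[3], fields[4]
        # rsplit keeps bracketed IPv6 addresses such as [::1]:636 intact
        local_port = local.rsplit(":", 1)[1]
        if local_port in listen_ports:
            inbound[state] += 1          # client -> proxy
        else:
            outbound[(peer, state)] += 1  # proxy -> "target" server
    return inbound, outbound


def fd_headroom(total_sockets, soft_limit=1024):
    """Descriptors left before accept() would fail with errno=24.

    1024 is the figure suspected in the post; the limit that actually applies
    to a running slapd is in /proc/<pid>/limits ("Max open files").
    """
    return soft_limit - total_sockets


if __name__ == "__main__":
    inbound, outbound = classify(SAMPLE)
    total = sum(inbound.values()) + sum(outbound.values())
    print("inbound:", dict(inbound))
    print("outbound:", dict(outbound))
    print("headroom:", fd_headroom(total))
```

Sockets counted here are only part of the process's descriptors; log files, the listener sockets and database files also count against the same limit.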