15 Feb
2010
15 Feb
'10
9:48 a.m.
Hi all,
After more research, I discovered that the actual cause of the problem is indeed a file descriptor leak: not in slapd, but in krb524d -- the Kerberos V to IV ticket conversion service -- which is part of the krb5-kdc package in Debian. It occurs when Kerberos is configured to use LDAP as its back-end database.
I filed a Debian bug report, only to learn that it was a known problem that will likely not be fixed, since krb524d has been removed from current krb5 releases. I was also told that there seems to be a related, much slower leak when using krb5-kdc with LDAP, but thankfully that one is more likely to be fixed.
Cheers,
Jaap