OpenLDAP 2.4.44 under RHEL 7.1
I'm using back-ldap to proxy a back-mdb instance with 1K users. The relevant part of the proxy configuration is:
dn: olcDatabase={2}ldap,cn=config
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: {2}ldap
olcSuffix: dc=example,dc=com
olcDbURI: "ldap://ldap-server.example.com:389/"
olcDbIDAssertBind: bindmethod=none
olcDbIDAssertAuthzFrom: {0}"*"
olcDbRebindAsUser: TRUE
olcDbChaseReferrals: TRUE
I'm using slamd to run performance tests. According to the back-ldap man page, sessions that explicitly Bind to the back-ldap database always create their own private connection to the remote LDAP server. The private connections are closed after the remote LDAP server idletimeout (15mn), but remain stuck in a CLOSE_WAIT status. Moreover, it seems that the private connections are not reused for further BINDs with the same user, since the available file descriptors (8192) on the remote server are quickly exhausted (only 1K users). Using the parameter