(Sorry for posting this message again, but it's better with a Subject)
OpenLDAP 2.4.44 under RHEL 7.1
I'm using back-ldap to proxy a back-mdb instance with 1K users. The relevant part of the proxy configuration is
dn: olcDatabase={2}ldap,cn=config
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: {2}ldap
olcSuffix: dc=example,dc=com
olcDbURI: "ldap://ldap-server.example.com:389/"
olcDbIDAssertBind: bindmethod=none
olcDbIDAssertAuthzFrom: {0}"*"
olcDbRebindAsUser: TRUE
olcDbChaseReferrals: TRUE
I'm using slamd for doing performance tests. According to the back-ldap
man page, sessions that explicitly Bind to the back-ldap database always
create their own private connection to the remote LDAP server. However,
it seems that the private connections are not reused for further BINDs
with the same user, since the available file descriptors (8192) on the
remote server are quickly exhausted (recall that my LDAP server has only
1K users; BINDs with slamd are performed randomly). The private
connections are closed after the remote LDAP server idletimeout (15mn),
but remain stuck in a CLOSE_WAIT status. Using the parameter