Hi All Requesting some sort of help with "Too Many open files". .I have seen several post and even in these archives about too many open files..Details about openldap installation. Version - 2.4.59 OS- RockyLinux 8 Ldap is used by the coldfusion application for authentication. During normal operation things are ok..but after some time or when a load of like 30 concurrent users for a period of 5 mins are added, I get "Too Many Open files" after the file descriptors reach 1024. What I have observed that post the search result log. , the UNBIND and CLOSE on the connection at times takes over 3 mins..and have see that there are over 1000 connections in ESTABLISHED mode based on the lsof -i :ldap ...I have tried to set below limits but to no avail..it still thows error post 1023 open FDs.. * hard nofile 65535 * soft nofile 65535 * hard memlock 3000000 * soft memlock 3000000 * hard nproc 16000 * soft nproc 16000 * hard stack 512000 * soft stack 512000
Have been able to increase the FDs as well by modifiying the slapd startup script(changed the settings to 4096..it did reflect in monitor)..but after some time the connection unbind and close calls are invoke more than 3 mins...as compared to when the load is low..when it happens within few secs.. Any help to make changes to ldap configuration or pointers how to go ahead troubleshooting this would be really appreciated.
--On Thursday, May 18, 2023 12:38 PM +0000 chauhan.ramraj@gmail.com wrote:
Hi All Requesting some sort of help with "Too Many open files". .I have seen several post and even in these archives about too many open files..Details about openldap installation. Version - 2.4.59
Hello,
Is your openldap build linked to tcpwrappers?
--Quanah
Thanks a lot for looking into the question..Is there a way to find out ( build linked to tcpwrappers?)..
On Thu, May 18, 2023 at 9:53 AM chauhan.ramraj@gmail.com wrote:
Requesting some sort of help with "Too Many open files". .I have seen several post and even in these archives about too many open files..Details about openldap installation. Version - 2.4.59 OS- RockyLinux 8 Ldap is used by the coldfusion application for authentication. During normal operation things are ok..but after some time or when a load of like 30 concurrent users for a period of 5 mins are added, I get "Too Many Open files" after the file descriptors reach 1024. What I have observed that post the search result log. , the UNBIND and CLOSE on the connection at times takes over 3 mins..and have see that there are over 1000 connections in ESTABLISHED mode based on the lsof -i :ldap ...I have tried to set below limits but to no avail..it still thows error post 1023 open FDs..
- hard nofile 65535
- soft nofile 65535
- hard memlock 3000000
- soft memlock 3000000
- hard nproc 16000
- soft nproc 16000
- hard stack 512000
- soft stack 512000
Have been able to increase the FDs as well by modifiying the slapd startup script(changed the settings to 4096..it did reflect in monitor)..but after some time the connection unbind and close calls are invoke more than 3 mins...as compared to when the load is low..when it happens within few secs.. Any help to make changes to ldap configuration or pointers how to go ahead troubleshooting this would be really appreciated.
Also have a look at https://ro-che.info/articles/2017-03-26-increase-open-files-limit . It shows PAM and Systemd as additional suspects.
1024 sounds like the soft limit from Systemd:
# My Ubuntu machine $ sudo systemctl show | grep -i file DefaultLimitNOFILE=524288 DefaultLimitNOFILESoft=1024
Jeff
--On Thursday, May 18, 2023 11:05 AM -0400 Jeffrey Walton noloader@gmail.com wrote:
Also have a look at https://ro-che.info/articles/2017-03-26-increase-open-files-limit . It shows PAM and Systemd as additional suspects.
1024 sounds like the soft limit from Systemd:
# My Ubuntu machine $ sudo systemctl show | grep -i file DefaultLimitNOFILE=524288 DefaultLimitNOFILESoft=1024
ah yeah good point, systemd is often another culprit. :)
--Quanah
Thanks a lot for taking time to respond to this..However as i mentioned I was able to change the number of FDs in teh startup script and that did show up updated in the monitor..but even after increasing when the application is load tested..it takes too long for UNBIND and CLOSE the connections..Also i do see connection lost related logs as well.
openldap-technical@openldap.org
-
chauhan.ramraj@gmail.com -
Jeffrey Walton -
Quanah Gibson-Mount