[Freeipa-users] strange replica install error (another one)
Alexander Bokovoy
abokovoy at redhat.com
Thu Dec 4 16:30:51 UTC 2014
On Thu, 04 Dec 2014, Janelle wrote:
>Hi all,
>
>just (pam)auth and nslcd
>
>It was ported from a running OpenLDAP environment to IPA. Just trying
>to do conversions in stages so as not to change too much all at once.
>Thought I could go from OpenLDAP to IPA and just use the backend of
>389ds. Functionally it does work, but the load kills it. Seems like
>FDs are a huge problem. But all the settings documented don't see to
>resolve the magic:
>
>/ Netscape Portable Runtime error -5971 (Process open FD table is full.)/
>
>error.
>
>Shouldn't this increase file descriptors in conjunction with
>/etc/sysconfig/dirsrv.systemd change? FS-limits across the OS are set
>to 65535 - /etc/security/limits.conf, /proc, sysctl.conf -- everything
>but 389-ds itself. But I still can't get this to work, although it
>does not give an error.
>
>ldapmodify -x -D "cn=directory manager" -W <<EOF
>dn: cn=config,cn=ldbm database,cn=plugins,cn=config
>changetype: modify
>replace: nsslapd-maxdescriptors
>nsslapd-maxdescriptors: 65535
>-
>replace: nsslapd-dtablesize
>nsslapd-dtablesize: 65535
>-
>replace: nsslapd-reservedescriptors
>nsslapd-reservedescriptors: 100
>EOF
As you said in the original messages that you are dealing with FreeIPA
4.0.5, it means you are on a system with systemd. For it to change
limits you have to do it differently. See
/lib/systemd/system/dirsrv at .service for detailed instructions.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list