[Freeipa-users] strange replica install error (another one)
Janelle
janellenicole80 at gmail.com
Thu Dec 4 16:38:30 UTC 2014
On 12/4/14 8:30 AM, Alexander Bokovoy wrote:
> On Thu, 04 Dec 2014, Janelle wrote:
>> Hi all,
>>
>> just (pam)auth and nslcd
>>
>> It was ported from a running OpenLDAP environment to IPA. Just
>> trying to do conversions in stages so as not to change too much all
>> at once. Thought I could go from OpenLDAP to IPA and just use the
>> backend of 389ds. Functionally it does work, but the load kills it.
>> Seems like FDs are a huge problem. But all the settings documented
>> don't see to resolve the magic:
>>
>> / Netscape Portable Runtime error -5971 (Process open FD table is
>> full.)/
>>
>> error.
>>
>> Shouldn't this increase file descriptors in conjunction with
>> /etc/sysconfig/dirsrv.systemd change? FS-limits across the OS are set
>> to 65535 - /etc/security/limits.conf, /proc, sysctl.conf --
>> everything but 389-ds itself. But I still can't get this to work,
>> although it does not give an error.
>>
>> ldapmodify -x -D "cn=directory manager" -W <<EOF
>> dn: cn=config,cn=ldbm database,cn=plugins,cn=config
>> changetype: modify
>> replace: nsslapd-maxdescriptors
>> nsslapd-maxdescriptors: 65535
>> -
>> replace: nsslapd-dtablesize
>> nsslapd-dtablesize: 65535
>> -
>> replace: nsslapd-reservedescriptors
>> nsslapd-reservedescriptors: 100
>> EOF
> As you said in the original messages that you are dealing with FreeIPA
> 4.0.5, it means you are on a system with systemd. For it to change
> limits you have to do it differently. See
> /lib/systemd/system/dirsrv at .service for detailed instructions.
>
>
from /lib/systemd/system/dirsrv at .service --
# if you need to set other directives e.g. LimitNOFILE=8192
# set them in this file
.include /etc/sysconfig/dirsrv.systemd
And that is the file that contains the LimitNOFILE=32768
So that was done. But it still seems to not make any difference since
ns-slapd itself is still code to 8192. That is the issue I am facing -
I can get beyond 8192. (even if 65535 is not used - although that was
the limit used with OpenLDAP and no issues)
~J
More information about the Freeipa-users
mailing list