[K12OSN] OT: Openldap and too many open files
David Hopkins
dahopkins429 at gmail.com
Fri Sep 5 15:59:14 UTC 2008
On Fri, Sep 5, 2008 at 11:17 AM, Terrell Prude' Jr.
<microman at cmosnetworks.com> wrote:
> On Friday 05 September 2008 10:07, David Hopkins wrote:
>> My ldap server is now failing with the
>>
>> slapd[17057]: warning: cannot open /etc/hosts.deny: Too many open files
>>
>> message. I have 100+ teachers and an additional 150+ students
>> connecting at any given time. I run nscd on all my systems since this
>> is a suggested solution for reducing the load and consequently the
>> open files on the ldap server(s).
>>
>> I can restart ldap and it will run for a bit before issuing this
>> warning at which point all authentication stops. I've googled for
>> solutions and most suggest using ulimit in the ldap script to set the
>> file limit higher. I have done so but it doesn't seem to make the
>> change. Other responses on this suggest that I may have to recompile
>> openldap and possibly nss related items as well to get around the
>> issue. That is a daunting issue.
>>
>> I have also seen a suggestion to set the idletimeout in slapd.conf but
>> I am not sure that this wouldn't adversely affect anything since it
>> closes connections.
>>
>> Has anyone else seen this issue and implemented a solution?
>>
>> Sincerely,
>> Dave Hopkins
>>
>>
>> Has anyone else seen this issue and found a good solution to it?
>
> Ahhh...that's an error I haven't seen in a long while. It sounds like you're
> running out of file descriptors. Try setting the fs.file-max parameter to
> something a bit bigger than it is now.
>
> BTW, I got this from about 5 minutes of Googling. It is your friend. :-)
>
>
Must have used a different search string than I did for google. ;) I used
"warning: cannot open /etc/hosts.deny: Too many open files" slapd
and didn't hit that site. So fs-file-max is currently 205984 on the
authentication server.
The hit I got that prompted this post
https://lists.ubuntu.com/archives/edubuntu-devel/2007-November/002463.html
was by Jim Kronebusch where he suggested using
* soft nofile 4096
* hard nofile 4096
in /etc/security/limits.conf. I can try both and see what happens.
Sincerely,
Dave Hopkins
More information about the K12OSN
mailing list