[K12OSN] OT: Openldap and too many open files

David Hopkins dahopkins429 at gmail.com
Fri Sep 5 15:59:14 UTC 2008

On Fri, Sep 5, 2008 at 11:17 AM, Terrell Prude' Jr.
<microman at cmosnetworks.com> wrote:
> On Friday 05 September 2008 10:07, David Hopkins wrote:
>> My ldap server is now failing with the
>> slapd[17057]: warning: cannot open /etc/hosts.deny: Too many open files
>> message.   I have 100+ teachers and an additional 150+ students
>> connecting at any given time.  I run nscd on all my systems since this
>> is a suggested solution for reducing the load and consequently the
>> open files on the ldap server(s).
>> I can restart ldap and it will run for a bit before issuing this
>> warning at which point all authentication stops.  I've googled for
>> solutions and most suggest using ulimit in the ldap script to set the
>> file limit higher.  I have done so but it doesn't seem to make the
>> change. Other responses on this suggest that I may have to recompile
>> openldap and possibly nss related items as well to get around the
>> issue. That is a daunting issue.
>> I have also seen a suggestion to set the idletimeout in slapd.conf but
>> I am not sure that this wouldn't adversely affect anything since it
>> closes connections.
>> Has anyone else seen this issue and implemented a solution?
>> Sincerely,
>> Dave Hopkins
>> Has anyone else seen this issue and found a good solution to it?
> Ahhh...that's an error I haven't seen in a long while.  It sounds like you're
> running out of file descriptors.  Try setting the fs.file-max parameter to
> something a bit bigger than it is now.
> BTW, I got this from about 5 minutes of Googling.  It is your friend.  :-)

Must have used a different search string than I did for google.  ;) I used
 "warning: cannot open /etc/hosts.deny: Too many open files" slapd

and didn't hit that site. So fs-file-max is currently 205984 on the
authentication server.

The hit I got that prompted this post
was by Jim Kronebusch where he suggested using

*       soft   nofile          4096
*       hard   nofile         4096

in /etc/security/limits.conf.  I can try both and see what happens.

Dave Hopkins

More information about the K12OSN mailing list