OpenLDAP and file limits

Christopher K. Johnson ckjohnson at gwi.net
Sat Jan 17 00:23:20 UTC 2004


Bevan C. Bennett wrote:

> Ok, I am having one really big problem with using FC1 as a server in 
> one particular circumstance. Every week or so, LDAP hits 'Too many 
> open files' and stops functioning properly. Additionally, I've 
> discovered that the various LDAP clients don't then fail over to my 
> backup LDAP server like they're supposed to. They don't even fail all 
> at once, but things just slowly stop working one by one until 
> everything else grinds to a halt.
>
> I've seen other people with similar problems, but no useful solutions 
> being offered. My old Redhat7.1 server never had this problem running 
> openldap 2.0.11.
>
> Jan 11 04:38:09 urd slapd[1452]: warning: cannot open 
> /etc/hosts.allow: Too many open files
> Jan 11 04:38:47 urd last message repeated 18 times
> Jan 11 04:39:52 urd last message repeated 7 times
> Jan 11 04:42:55 urd last message repeated 24 times
> Jan 11 04:45:36 urd last message repeated 2 times
> Jan 11 04:50:37 urd last message repeated 8 times
> Jan 11 05:12:17 urd last message repeated 3 times
> Jan 11 05:13:58 urd last message repeated 7 times
> Jan 11 05:33:57 urd last message repeated 2 times
> Jan 11 05:35:38 urd last message repeated 4 times
> Jan 11 05:40:46 urd last message repeated 14 times
> [...]
> Jan 16 09:43:00 urd slapd[3021]: warning: cannot open 
> /etc/hosts.allow: Too many open files
> Jan 16 09:43:38 urd last message repeated 9 times
> Jan 16 09:44:45 urd last message repeated 11 times
> Jan 16 09:45:01 urd last message repeated 14 times
>
> I've tried adding the following to /etc/security/limits.conf, but it 
> hasn't helped:
> ldap             hard    nofile          65535
>
> It looks like I'd need to have ldap run 'ulimit -n 65535' before 
> starting slapd from either within the daemon function of 
> /etc/init.d/functions or some wrapper script, but I'm a little baffled 
> as to why this behavior never showed up on my older system which has 
> AFAIK the same per-process user limits.
>
> Does anyone have any insight or helpful suggestions (other than 
> putting together a PO for a few RHEL licenses)?

Let's start by looking at what files are open to get a clue what is 
going on.
Find process number of a slapd process from ps -ef
Then as root look at the files that process has open using lsof.  For 
pid 3021 use 'lsof -p 3021'
If lsof is not a recognized command for root then make sure you have the 
lsof rpm installed.

-- 
-----------------------------------------------------------
   "Spend less!  Do more!  Go Open Source..." -- Dirigo.net
   Chris Johnson, RHCE #807000448202021






More information about the fedora-list mailing list