[K12OSN] LDAP timeout question

Rob Owens rowens at ptd.net
Fri Nov 16 22:45:10 UTC 2007


Very interesting.  

Is there a way to increase the open file limit on a per-user basis?

-Rob

On Fri, Nov 16, 2007 at 11:28:17AM -0500, Jim Kronebusch wrote:
> Okay, it turns out that a default Edubuntu Feisty server with openldap installed opens
> 16 files per every user logged in (I suppose "default" isn't entirely accurate, I do
> have other apps installed such as xterminator, fl_teachertool, LDM_DIRECTX=true, etc.).
>  Each application opened thereafter uses 1 more open file under the openldap user. 
> These files remain open for the openldap user until the user session is terminated. So
> if one student logged on to every client in my network and opened both Firefox and
> OpenOffice, openldap would have 18 files opened per user across 108 clients.  Now this
> is the part I can figure out easily, 108 users x 18 open files per user equals 1944 open
> files for the openldap user.  The default open file limit per user under Edubuntu Feisty
> is 1024, so the max users I can have even logged into the server with no other open
> applications is 64.  After that the openldap user is unable to open any more files, and
> as a result slapd returns the error of too many files open.
> 
> So from what I read, this can be solved one of two ways.  Either start the slapd service
> under the root user (security problems here I think) or change the amount of allowed
> open files per user in /etc/security/limits.conf.
> 
> So upon some detective work I have determined that my mail server usually has 15
> concurrent files open under openldap user, and my maximum expected amount of open files
> with all 108 users logged in and two applications is 1944, and a freshly rebooted server
> has about 50 open files for the openldap user, I figured a limit of over 2000 should
> suffice.  I then decided I never want to see this error again, so I set the following in
> /etc/security/limits.conf:
> 
> *               soft    nofile  4096
> *               hard    nofile  4096
> 
> This set the default for all users to a hard and soft limit of 4096 open files.  Now I
> wait and see what happens.
> 
> If this works, I think there is a huge flaw with the maximum open file limit and the
> default configuration of OpenLDAP when used in a thin client environment.
> 
> I hope this can be fixed in the future with some sane defaults.  I'll post back whether
> or not this is a permanent solution to my problems.
> 
> Jim
> 
> On Thu, 15 Nov 2007 11:50:05 -0500, Jim Kronebusch wrote
> > I am having problems with my user openldap running out of enough files when I 
> > have heavy use class period after class period.  I am trying to figure out the 
> > best way to increase the open file limit for the openldap user (so far 
> > increasing with /etc/security/limits.conf) and what a reasonable limit is. 
> >  Any suggestions along these lines would be appreciated.
> > 
> > But my real question is, what are the effects of implementing an idle_timeout 
> > in slapd.conf?  We have 50-75 users connecting at every class period.  
> > Throughout the day the open files for the openldap user start to build and 
> > don't drop off immediately after every class.  I'll quickly state that the 
> > default for per user open files in Edubuntu seems to be 1024, and ldap stops 
> > responding when we hit this limit.  So I'm wondering if, instead of increasing 
> > the open file limit, I'm better off adding an idle_timeout
> > (default is 0 which disables the timeout).  I am thinking of a timeout just a little
> > longer than our average class period.  My understanding of the timeout is that 
> > an increased load could be placed on the ldap server, but other than that 
> > there should be no adverse effects.  I'm hoping this change would keep my 
> > amount of files from growing throughout the day.
> > 
> > Thoughts?  If anyone wants to give me a better explanation of what is going on 
> > I wouldn't baulk at that either.
> > 
> > Quick note, this is running Edubuntu 7.04 with LDM_DIRECTX=True, and the auth 
> > server is the same as the client server.  My server has been set up according 
> > to my instructions at http://www.1-cs.com/ubuntu_ldap_howto.txt.  I also have 
> > an email server authenticating off of the same box, but no more than 20 of the 
> > ldap files seem to be associated with the email server at one time.  There are 
> > about 500 users and 108 thin clients.  Concurrent users typically do not 
> > exceed 75.  I've never seen processor usage go above 25% and RAM usage over 
> > 6GB (16GB total available) even when 75 concurrent users are in 
> > Firefox/Flash/OpenOffice at the same time, so I think it is safe to say the 
> > server is not overloaded.  And I see no obvious slowdowns during this type of 
> > use.  And just to note the only error I have when this happens is the 
> > following in /var/log/syslog:
> > 
> > Nov 15 08:19:10 ltsp slapd[27148]: warning: cannot open /etc/hosts.allow: Too many open files
> > Nov 15 08:19:10 ltsp slapd[27148]: warning: cannot open /etc/hosts.deny: Too many open files
> > 
> > Thanks,
> > 
> > Jim Kronebusch
> > Cotter Tech Department
> > 453-5188
> > 
> > -- 
> > This message has been scanned for viruses and
> > dangerous content by the Cotter Technology 
> > Department, and is believed to be clean.
> > 
> > _______________________________________________
> > K12OSN mailing list
> > K12OSN at redhat.com
> > https://www.redhat.com/mailman/listinfo/k12osn
> > For more info see <http://www.k12os.org>
> 
> 
> Jim Kronebusch
> Cotter Tech Department
> 453-5188
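
Added example, not part of the thread and not code from any poster: a way to measure what the quoted message estimates by hand, by reading the soft nofile limit slapd is actually running with and the descriptors it holds, then working out how many more logins fit at 16 or 18 files each. The function names are hypothetical, and it assumes a kernel that exposes /proc/<pid>/limits.

```shell
#!/bin/sh
# Added example, not code from the thread. Each function takes a /proc/<pid>
# directory, so it works on a live slapd or on a constructed sample directory.

# Soft "Max open files" limit the process is actually running with.
soft_nofile() {
    awk '/^Max open files/ { print $4 }' "$1/limits"
}

# Number of file descriptors the process currently holds.
open_fds() {
    ls -1 "$1/fd" | wc -l | tr -d ' '
}

# sessions_left PROC_DIR FILES_PER_SESSION
# Further logins that fit under the soft limit at the given per-session cost
# (the thread measured 16 per login, 18 with Firefox and OpenOffice open).
sessions_left() {
    soft=$(soft_nofile "$1")
    used=$(open_fds "$1")
    case $soft in
        ''|*[!0-9]*) echo "unknown"; return 1 ;;  # "unlimited" or unreadable
    esac
    echo $(( (soft - used) / $2 ))
}

# Constructed sample: a /proc/<pid>-like directory, soft limit $2, $3 open fds.
make_sample() {
    mkdir -p "$1/fd"
    printf 'Limit                     Soft Limit           Hard Limit           Units\n' > "$1/limits"
    printf 'Max open files            %s                 %s                 files\n' "$2" "$2" >> "$1/limits"
    i=0
    while [ "$i" -lt "$3" ]; do : > "$1/fd/$i"; i=$((i + 1)); done
}

demo=$(mktemp -d)
make_sample "$demo" 1024 50     # default limit, about 50 fds after a reboot
echo "soft=$(soft_nofile "$demo") open=$(open_fds "$demo") left=$(sessions_left "$demo" 16)"
rm -rf "$demo"

# On a live server, as root: sessions_left "/proc/$(pidof slapd)" 18
```

On the per-user question: limits.conf takes a user name in its first column in place of `*`, so the raise can be scoped to the openldap account alone instead of every user. pam_limits applies the entry when a PAM session is opened, so read the limit back from the running slapd with soft_nofile rather than assuming it took effect.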



