What version of 389-ds-base are you using?
In newer versions we automatically set the server FD limit to the
maximum allowed per process. This can be seen in the errors log at
server startup:
For example:
[09/Nov/2022:16:23:07.100244932 -0500] - INFO - main - Setting the
maximum file descriptor limit to: 524288
389-ds also has no issues with handling 1000's of concurrent
connections. So I suspect this is just a tuning issue, but let us know
what version you are running so we can give you the proper tuning advice.
Now if you have issues with idle/stale connections, or bad clients, then
look into tuning nsslapd-ioblocktimeout (e.g. 10000 => 10 seconds), and
maybe nslapd-idletimeout.
Mark
On 11/11/22 9:25 AM, Tobias Ernstberger wrote:
Hello,
we're observing the following error message:
"ERR - accept_and_configure - PR_Accept() failed, Netscape Portable Runtime error
-5971 (Process open FD table is full.)"
Looks like the file descriptors are exhausted, probably mainly used by incoming
TCP Connections (based on our investigation regarding open FDs).
We've set (and checked using the runtime information in /proc/PID/limits) the
ulimits and the nsslapd-maxdescriptors to many thousands (while having about
1000 open connection regularly)
We are investigating in multiple directions here, and have some questions - any
input is appreciated:
1) We acknowledge that exhausted FDs prevent additional connections to be
opened. But we also see, that existing connections are getting unusable, too.
Is this a known behaviour? Can this be avoided?
2) Is there any chance to limit the number of open connections (lower than the
max FDs)? (trying to achieve that existing connections still work)
3) What are best practice to prevent the ldap server from getting completely
useless (until restart) if a client opens many connections?
4) Any additional remarks to prevent this situation?
Kind regards
Tobias Ernstberger
IBM Security
IBM Deutschland GmbH
Vorsitzender des Aufsichtsrats: Sebastian Krause
Geschäftsführung: Gregor Pillen (Vorsitzender), Nicole Reimer, Gabriele
Schwarenthorer, Christine Rupp, Frank Theisen
Sitz der Gesellschaft: Ehningen / Registergericht: Amtsgericht Stuttgart, HRB
14562 / WEEE-Reg.-Nr. DE 99369940
https://www.ibm.com/privacy/us/en/
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
--
Directory Server Development Team
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue