Bug#854436: marked as done (provide a way to increase slapd's nofile limit)

Wed, 15 Feb 2017 00:27:23 -0800 

Your message dated Wed, 15 Feb 2017 09:22:55 +0100
with message-id 
<CAOkSjBgD0C1j7M7FYPmO=97FbahCrpiWMnOm2s21=s4bqql...@mail.gmail.com>
and subject line 
has caused the Debian Bug report #854436,
regarding provide a way to increase slapd's nofile limit
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
854436: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854436
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: openldap
Severity: important

Dear openldap maintainers and contributors, thanks for your work with this
package.

Please, don't use tcp-wrappers with slapd.

It has been already known for a while that this technology is obsolete [0],
and may cause a false sense of security which is even worse.

In some environments, this may cause other issues, for example:

slapd[7408]: warning: cannot open /etc/hosts.allow: Too many open files
slapd[7408]: warning: cannot open /etc/hosts.deny: Too many open files
slapd[7408]: warning: cannot open /etc/hosts.allow: Too many open files
slapd[7408]: warning: cannot open /etc/hosts.deny: Too many open files
slapd[7408]: warning: cannot open /etc/hosts.allow: Too many open files
slapd[7408]: warning: cannot open /etc/hosts.deny: Too many open files


[0] https://lists.ubuntu.com/archives/ubuntu-users/2014-June/276215.html

--- End Message ---
--- Begin Message --- 
While I still think that tcp_wrappers are something to left behind at
this point,
I agree that the issue is somewhere else and has nothing to do with slapd.

I found a way of overcoming this issue by tuning system resouce limits
for the slapd process.
Read more about this here:
http://ral-arturo.org/2017/02/14/about-process-limits.html

If the link is down and someone is looking for this in the future: use
prlimit(1) and read getrlimit(2).

sorry for the nose, best regards

--- End Message ---

Reply via email to