On 12/4/14 8:30 AM, Alexander Bokovoy wrote:
On Thu, 04 Dec 2014, Janelle wrote:
Hi all,

just (pam)auth and nslcd

It was ported from a running OpenLDAP environment to IPA. Just trying to do conversions in stages so as not to change too much all at once. Thought I could go from OpenLDAP to IPA and just use the backend of 389ds. Functionally it does work, but the load kills it. Seems like FDs are a huge problem. But all the settings documented don't see to resolve the magic:

/ Netscape Portable Runtime error -5971 (Process open FD table is full.)/


Shouldn't this increase file descriptors in conjunction with /etc/sysconfig/dirsrv.systemd change? FS-limits across the OS are set to 65535 - /etc/security/limits.conf, /proc, sysctl.conf -- everything but 389-ds itself. But I still can't get this to work, although it does not give an error.

ldapmodify -x -D "cn=directory manager" -W <<EOF
dn: cn=config,cn=ldbm database,cn=plugins,cn=config
changetype: modify
replace: nsslapd-maxdescriptors
nsslapd-maxdescriptors: 65535
replace: nsslapd-dtablesize
nsslapd-dtablesize: 65535
replace: nsslapd-reservedescriptors
nsslapd-reservedescriptors: 100
As you said in the original messages that you are dealing with FreeIPA
4.0.5, it means you are on a system with systemd. For it to change
limits you have to do it differently. See
/lib/systemd/system/dirsrv@.service for detailed instructions.

from /lib/systemd/system/dirsrv@.service --

# if you need to set other directives e.g. LimitNOFILE=8192
# set them in this file
.include /etc/sysconfig/dirsrv.systemd

And that is the file that contains the LimitNOFILE=32768

So that was done. But it still seems to not make any difference since ns-slapd itself is still code to 8192. That is the issue I am facing - I can get beyond 8192. (even if 65535 is not used - although that was the limit used with OpenLDAP and no issues)


Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to