On Tue, 9 Dec 2014, Terje Trane wrote:
> Oct 31 11:11:33 ldapsrv slapd[6603]: warning: cannot open /etc/hosts.deny: Too many open files
> ...etc...etc...
> ...and preventing most of the genuine lookups and logins.
> You can of course up the ulimit (default was 1024) and in slapd config
> limit connections to prevent clients from being able to do this, but if
> you don't need tcp wrappers anyway, ....

While I don't disagree with this in principle, I want to write for the
archives. IMO people searching for "slapd /etc/hosts.deny: Too many open
files" really shouldn't get "go recompile --disable" as a result:

A ulimit that low, nowadays, is really just to rapidly stop typos and
other foolishly runaway processes. For a process such as a server running
on (even-not-so-)modern hardware, when you're expecting large amounts of
connections -- and keeping in mind that each connection takes a file
descriptor -- that limit should be significantly higher.

Basically, blaming the final straw isn't the right move. Given the choice
between repackaging a piece of software with fewer features, or
reconfiguring an unrealistic default to an appropriate value for your
environment, I'd think the config file is the way to go...regardless of
libwrap or any other part of the stack.
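
Added example, not part of the original message: a way to check how close a running daemon is to the open-files limit discussed above, by comparing the entries under its Linux /proc fd directory with the soft "Max open files" value. The function names, the 80% warning threshold and the constructed sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Compare a process's open descriptors with its RLIMIT_NOFILE soft limit,
# using the Linux /proc/<pid> layout (a "limits" file and an "fd" directory).

# fd_soft_limit DIR -> soft "Max open files" value from DIR/limits
fd_soft_limit() {
    awk '/^Max open files/ { print $4 }' "$1/limits"
}

# fd_in_use DIR -> number of entries in DIR/fd (one per open descriptor)
fd_in_use() {
    ls -A "$1/fd" 2>/dev/null | wc -l | tr -d ' '
}

# fd_status DIR [WARN_PERCENT] -> prints "used/limit STATE"
# returns 0 when OK, 1 at or above the threshold, 2 if the limit is unreadable
fd_status() {
    dir=$1
    warn=${2:-80}                       # hypothetical default threshold
    limit=$(fd_soft_limit "$dir")
    used=$(fd_in_use "$dir")
    [ -n "$limit" ] || { echo "no limit found in $dir/limits" >&2; return 2; }
    if [ "$limit" = "unlimited" ]; then
        echo "$used/unlimited OK"
        return 0
    fi
    if [ $((used * 100)) -ge $((limit * warn)) ]; then
        echo "$used/$limit WARN"
        return 1
    fi
    echo "$used/$limit OK"
}

# Constructed sample: a fake /proc/<pid> tree with $1 open descriptors
# and the 1024 soft limit mentioned in the thread.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' \
      'Limit                     Soft Limit           Hard Limit           Units' \
      'Max open files            1024                 4096                 files' \
      > "$d/limits"
    mkdir "$d/fd"
    i=0
    while [ "$i" -lt "$1" ]; do : > "$d/fd/$i"; i=$((i + 1)); done
    echo "$d"
}

# Against a live daemon (run as root or as the daemon's user):
#   fd_status "/proc/$(pidof -s slapd)"
```

A WARN result while the soft limit is still 1024 means the limit itself is the thing to raise, before connections start failing with "Too many open files".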