Hi,
we have two OpenLDAP servers configured with back_ldap. Each server has one non-OpenLDAP server as “target”. I pasted a redacted copy of my configuration below.

At any given time we have around 100 connections from clients to the OpenLDAP server. I noticed that there are a lot more connections open from the LDAP server to the “target” servers. Sometimes close to 1000. As this is a temporary setup I did not investigate any more.

In the last days we sometimes see the following errors in the log:

“daemon: accept(10) failed errno=24 (Too many open files)”
“connection_input: conn=1799 deferring operation: too many executing”
“connection_read(446): no connection!”

I suspect that this is because there are more than 1024 connections open and the OS is preventing opening more FDs.

I am not sure why we have so many open connections to the “target” servers. Maybe someone can spot my config error.

Thanks in advance.

dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/lib/openldap/slapd.args
olcIdleTimeout: 15
olcLocalSSF: 256
olcLogLevel: none
olcPidFile: /var/lib/openldap/slapd.pid
olcRootDSE: /etc/openldap/rootDSE.ldif
olcSaslSecProps: noplain,noanonymous
olcSecurity: simple_bind=256 ssf=256 tls=0
olcTLSCACertificateFile: /etc/ssl/certs/ca-bundle.crt
olcTLSCertificateFile: /etc/openldap/certs/server.pem
olcTLSCertificateKeyFile: /etc/openldap/certs/server.key
olcTLSCipherSuite: DEFAULT:-SHA1:-CBC
olcTLSDHParamFile: /etc/openldap/dhparam.pem
olcTLSProtocolMin: 3.3

dn: olcDatabase={2}ldap,cn=config
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: {2}ldap
olcAccess: redacted
olcDbACLBind: bindmethod=simple binddn=cn=proxy,ou=admin,o=tu-darmstadt credentials=redacted tls_cacert=/etc/ssl/certs/ca-bundle.crt
olcDbStartTLS: ldaps tls_cacert=/etc/ssl/certs/ca-bundle.crt
olcDbURI: ldaps://backend-server01.example.com/
olcRootDN: cn=admin,ou=admin,o=tu-darmstadt
olcSizeLimit: unlimited
olcSuffix: o=tu-darmstadt
olcTimeLimit: 90

Kind regards
Clemens (Bergmann)

--
Clemens Bergmann [er/ihm; he/him]
Gruppe Nutzermanagement und Entwicklung
Technische Universität Darmstadt
Hochschulrechenzentrum, Alexanderstraße 2, 64283 Darmstadt
Tel. +49 6151 16 71184
http://www.hrz.tu-darmstadt.de/
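
Added example, not part of the original message: one way to test the suspicion above is to read slapd's soft "Max open files" limit from /proc/<pid>/limits and split the established sockets from `ss -Htn state established` into client-side and target-side counts. The sample text, addresses and function names are constructed for illustration, and the code assumes slapd is the only LDAP speaker on the host and listens on 389/636.

```python
import re
from collections import Counter

# Constructed excerpt of /proc/<slapd pid>/limits.
SAMPLE_LIMITS = (
    "Limit                     Soft Limit           Hard Limit           Units\n"
    "Max open files            1024                 4096                 files\n"
)

# Constructed `ss -Htn state established` lines: Recv-Q Send-Q Local Peer.
# 192.0.2.10 is the proxy, 198.51.100.7 stands in for the back_ldap target.
SAMPLE_SS = "\n".join(
    ["0 0 192.0.2.10:636 203.0.113.%d:50000" % i for i in range(1, 4)]
    + ["0 0 192.0.2.10:%d 198.51.100.7:636" % p for p in range(40000, 40005)]
    + ["0 0 192.0.2.10:22 203.0.113.9:51000"]
)

def soft_nofile(limits_text):
    """Return the soft 'Max open files' limit, or None if unlimited/absent."""
    m = re.search(r"^Max open files\s+(\S+)\s+(\S+)", limits_text, re.M)
    if not m or m.group(1) == "unlimited":
        return None
    return int(m.group(1))

def _port(endpoint):
    tail = endpoint.rsplit(":", 1)[-1]   # rsplit also copes with [::1]:636
    return int(tail) if tail.isdigit() else -1

def count_sockets(ss_text, ldap_ports=(389, 636)):
    """Split established TCP sockets into client-side and target-side."""
    counts = Counter()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        local, peer = fields[-2], fields[-1]
        if -1 in (_port(local), _port(peer)):
            continue                       # header or malformed line
        if _port(local) in ldap_ports:
            counts["client"] += 1          # inbound to slapd's listener
        elif _port(peer) in ldap_ports:
            counts["target"] += 1          # outbound from back_ldap
            counts["target:" + peer] += 1  # per-target breakdown
        else:
            counts["other"] += 1
    return counts

def headroom(limits_text, ss_text):
    """Soft limit minus LDAP sockets; non-socket fds are not counted here."""
    limit = soft_nofile(limits_text)
    c = count_sockets(ss_text)
    return None if limit is None else limit - c["client"] - c["target"]
```

Headroom near zero alongside a target count far above the client count matches the errno=24 symptom in the log lines quoted in the message.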