Hi Ulrich, thanks for the suggestion. In netstat/lsof I see that most of the connections (~900 of the ~1000 open connections) are to the proxy "target" servers. I can also see the other end of these connections in netstat/lsof on the "target" server. In cn=Connections,cn=Monitor I only see the ~100 client connections, which seems about right.

Kind regards
Clemens (Bergmann)

--
Clemens Bergmann
[er/ihm; he/him]
Gruppe Nutzermanagement und Entwicklung
Technische Universität Darmstadt
Hochschulrechenzentrum, Alexanderstraße 2, 64283 Darmstadt
Tel. +49 6151 16 71184
http://www.hrz.tu-darmstadt.de/

> -----Original Message-----
> From: Windl, Ulrich <u.wi...@ukr.de>
> Sent: Thursday, 3 July 2025 08:55
> To: Bergmann, Clemens <clemens.bergm...@tu-darmstadt.de>; openldap-techni...@openldap.org
> Subject: RE: many connections in proxy setup
>
> Suggestion: examine the connections you have; either like “netstat”, or the monitoring connection database.
>
> Maybe you get an idea what kind of connections you have.
>
> Kind regards,
> Ulrich Windl
>
> From: Bergmann, Clemens <clemens.bergm...@tu-darmstadt.de>
> Sent: Tuesday, July 1, 2025 3:48 PM
> To: openldap-technical@openldap.org
> Subject: [EXT] many connections in proxy setup
>
> Hi,
>
> we have two openLDAP Servers configured with back_ldap. Each server has one non-OpenLDAP-Server as “target”.
>
> I passed a redacted copy of my configuration below.
>
> At any given time we have around 100 connections from clients to the openLDAP Server. I noticed that there are a lot more connections open from the ldap Server to the “target” Servers. Sometimes close to 1000. As this is a temporary setup I did not investigate any more. In the last days we sometimes see the following errors in log:
>
> “daemon: accept(10) failed errno=24 (Too many open files)”
> “connection_input: conn=1799 deferring operation: too many executing”
> “connection_read(446): no connection!”
>
> I suspect that this is because there are more than 1024 connections open and the OS is preventing opening more FDs.
>
> I am not sure why we have so many open connections to the “target” servers.
>
> Maybe someone can spot my config error.
>
> Thanks in advance.
>
> dn: cn=config
> objectClass: olcGlobal
> cn: config
> olcArgsFile: /var/lib/openldap/slapd.args
> olcIdleTimeout: 15
> olcLocalSSF: 256
> olcLogLevel: none
> olcPidFile: /var/lib/openldap/slapd.pid
> olcRootDSE: /etc/openldap/rootDSE.ldif
> olcSaslSecProps: noplain,noanonymous
> olcSecurity: simple_bind=256 ssf=256 tls=0
> olcTLSCACertificateFile: /etc/ssl/certs/ca-bundle.crt
> olcTLSCertificateFile: /etc/openldap/certs/server.pem
> olcTLSCertificateKeyFile: /etc/openldap/certs/server.key
> olcTLSCipherSuite: DEFAULT:-SHA1:-CBC
> olcTLSDHParamFile: /etc/openldap/dhparam.pem
> olcTLSProtocolMin: 3.3
>
> dn: olcDatabase={2}ldap,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcLDAPConfig
> olcDatabase: {2}ldap
> olcAccess: redacted
> olcDbACLBind: bindmethod=simple binddn=cn=proxy,ou=admin,o=tu-darmstadt credentials=redacted tls_cacert=/etc/ssl/certs/ca-bundle.crt
> olcDbStartTLS: ldaps tls_cacert=/etc/ssl/certs/ca-bundle.crt
> olcDbURI: ldaps://backend-server01.example.com/
> olcRootDN: cn=admin,ou=admin,o=tu-darmstadt
> olcSizeLimit: unlimited
> olcSuffix: o=tu-darmstadt
> olcTimeLimit: 90
>
> Kind regards
> Clemens (Bergmann)
>
> --
> Clemens Bergmann
> [er/ihm; he/him]
> Gruppe Nutzermanagement und Entwicklung
> Technische Universität Darmstadt
> Hochschulrechenzentrum, Alexanderstraße 2, 64283 Darmstadt
> Tel. +49 6151 16 71184
> http://www.hrz.tu-darmstadt.de/
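
An added example, not part of the thread or of OpenLDAP: a small Python tally of `netstat -tn` output that separates client connections on the listener from the proxy's outbound connections per "target" and compares the total with a descriptor limit. The sample lines are constructed, and the listener port 636, the 1024 soft limit and the assumption that the output covers only the slapd host's LDAP traffic are assumptions.

```python
from collections import Counter

# Constructed sample in `netstat -tn` layout; every address and port is made up.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:636          198.51.100.7:50112      ESTABLISHED
tcp        0      0 192.0.2.10:636          198.51.100.8:50544      ESTABLISHED
tcp        0      0 192.0.2.10:41000        203.0.113.5:636         ESTABLISHED
tcp        0      0 192.0.2.10:41002        203.0.113.5:636         ESTABLISHED
tcp        0      0 192.0.2.10:41004        203.0.113.5:636         CLOSE_WAIT
tcp        0      0 192.0.2.10:41006        203.0.113.5:636         TIME_WAIT
"""

# States counted here as still holding a descriptor in the process.
# TIME_WAIT sockets are owned by the kernel and no longer consume one.
FD_STATES = {"ESTABLISHED", "CLOSE_WAIT"}


def port_of(endpoint):
    """Port number of an 'address:port' column (also works for IPv6 forms)."""
    return int(endpoint.rpartition(":")[2])


def summarize(netstat_text, listen_port=636):
    """Return (client_count, Counter of outbound connections per remote peer)."""
    clients = 0
    outbound = Counter()
    for line in netstat_text.splitlines():
        f = line.split()
        # Skip the header and any socket that no longer holds a descriptor.
        if len(f) != 6 or not f[0].startswith("tcp") or f[5] not in FD_STATES:
            continue
        if port_of(f[3]) == listen_port:
            clients += 1          # a client connected to our listener
        else:
            outbound[f[4]] += 1   # we connected out, e.g. to a proxy target
    return clients, outbound


def fd_report(clients, outbound, soft_limit=1024, warn_ratio=0.8):
    """Socket total (a lower bound on descriptors in use) against the limit."""
    out_total = sum(outbound.values())
    sockets = clients + out_total
    return {
        "sockets": sockets,
        "outbound_per_client": out_total / clients if clients else None,
        "near_limit": sockets >= soft_limit * warn_ratio,
    }


if __name__ == "__main__":
    c, out = summarize(SAMPLE)
    print(c, dict(out), fd_report(c, out))
```

The socket total is only a lower bound on descriptor use, since log files, listeners and database files also count against the same limit.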