Hi! Too bad: I also noticed that syncrepl RefreshAndPersist connections are not shown in the connection monitor (or I was unable to find those).

Kind regards,
Ulrich Windl

> -----Original Message-----
> From: Bergmann, Clemens <clemens.bergm...@tu-darmstadt.de>
> Sent: Thursday, July 3, 2025 3:50 PM
> To: Windl, Ulrich <u.wi...@ukr.de>; openldap-technical@openldap.org
> Subject: [EXT] AW: many connections in proxy setup
>
> Hi Ulrich,
>
> thanks for the suggestion.
> In netstat/lsof I see that most of the connections (~900 of the ~1000 open connections) are to the proxy "target" servers. I can also see the other end of these connections in netstat/lsof on the "target" server.
> In cn=Connections,cn=Monitor I only see the ~100 client connections, which seems about right.
>
> Kind regards
> Clemens (Bergmann)
>
> --
> Clemens Bergmann
> [er/ihm; he/him]
> Gruppe Nutzermanagement und Entwicklung
> Technische Universität Darmstadt
> Hochschulrechenzentrum, Alexanderstraße 2, 64283 Darmstadt
> Tel. +49 6151 16 71184
> http://www.hrz.tu-darmstadt.de/
>
> > -----Original Message-----
> > From: Windl, Ulrich <u.wi...@ukr.de>
> > Sent: Thursday, July 3, 2025 08:55
> > To: Bergmann, Clemens <clemens.bergm...@tu-darmstadt.de>; openldap-techni...@openldap.org
> > Subject: RE: many connections in proxy setup
> >
> > Suggestion: examine the connections you have; either like “netstat”, or the monitoring connection database.
> >
> > Maybe you get an idea what kind of connections you have.
> >
> > Kind regards,
> > Ulrich Windl
> >
> > From: Bergmann, Clemens <clemens.bergm...@tu-darmstadt.de>
> > Sent: Tuesday, July 1, 2025 3:48 PM
> > To: openldap-technical@openldap.org
> > Subject: [EXT] many connections in proxy setup
> >
> > Hi,
> >
> > we have two openLDAP Servers configured with back_ldap. Each server has one non-OpenLDAP-Server as “target”.
> >
> > I pasted a redacted copy of my configuration below.
> >
> > At any given time we have around 100 connections from clients to the openLDAP Server. I noticed that there are a lot more connections open from the ldap Server to the “target” Servers. Sometimes close to 1000. As this is a temporary setup I did not investigate any more. In the last days we sometimes see the following errors in log:
> >
> > “daemon: accept(10) failed errno=24 (Too many open files)”
> > “connection_input: conn=1799 deferring operation: too many executing”
> > “connection_read(446): no connection!”
> >
> > I suspect that this is because there are more than 1024 connections open and the OS is preventing opening more FDs.
> >
> > I am not sure why we have so many open connections to the “target” servers.
> >
> > Maybe someone can spot my config error.
> >
> > Thanks in advance.
> >
> > dn: cn=config
> > objectClass: olcGlobal
> > cn: config
> > olcArgsFile: /var/lib/openldap/slapd.args
> > olcIdleTimeout: 15
> > olcLocalSSF: 256
> > olcLogLevel: none
> > olcPidFile: /var/lib/openldap/slapd.pid
> > olcRootDSE: /etc/openldap/rootDSE.ldif
> > olcSaslSecProps: noplain,noanonymous
> > olcSecurity: simple_bind=256 ssf=256 tls=0
> > olcTLSCACertificateFile: /etc/ssl/certs/ca-bundle.crt
> > olcTLSCertificateFile: /etc/openldap/certs/server.pem
> > olcTLSCertificateKeyFile: /etc/openldap/certs/server.key
> > olcTLSCipherSuite: DEFAULT:-SHA1:-CBC
> > olcTLSDHParamFile: /etc/openldap/dhparam.pem
> > olcTLSProtocolMin: 3.3
> >
> > dn: olcDatabase={2}ldap,cn=config
> > objectClass: olcDatabaseConfig
> > objectClass: olcLDAPConfig
> > olcDatabase: {2}ldap
> > olcAccess: redacted
> > olcDbACLBind: bindmethod=simple binddn=cn=proxy,ou=admin,o=tu-darmstadt credentials=redacted tls_cacert=/etc/ssl/certs/ca-bundle.crt
> > olcDbStartTLS: ldaps tls_cacert=/etc/ssl/certs/ca-bundle.crt
> > olcDbURI: ldaps://backend-server01.example.com/
> > olcRootDN: cn=admin,ou=admin,o=tu-darmstadt
> > olcSizeLimit: unlimited
> > olcSuffix: o=tu-darmstadt
> > olcTimeLimit: 90
> >
> > Kind regards
> > Clemens (Bergmann)
> >
> > --
> > Clemens Bergmann
> > [er/ihm; he/him]
> > Gruppe Nutzermanagement und Entwicklung
> > Technische Universität Darmstadt
> > Hochschulrechenzentrum, Alexanderstraße 2, 64283 Darmstadt
> > Tel. +49 6151 16 71184
> > http://www.hrz.tu-darmstadt.de/
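
The comparison made in this thread (socket counts from netstat/lsof against the client connections listed in cn=Connections,cn=Monitor, and both against the 1024-descriptor limit) can be scripted. The following is an added example, not part of the original messages or of OpenLDAP: it assumes `ss -tn` output layout, LDAPS on port 636 on both sides, and uses constructed sample lines with documentation addresses; `classify` and `fd_headroom` are hypothetical helper names.

```python
"""Split a proxy host's TCP sockets into client-side and target-side counts."""
from collections import Counter

LDAPS_PORT = 636   # assumption: slapd listens on 636 and targets use ldaps://
FD_LIMIT = 1024    # the per-process limit suspected in the thread

# Constructed sample in `ss -tn` layout (documentation addresses, not real hosts).
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:636         0.0.0.0:*
ESTAB  0      0      192.0.2.10:636      198.51.100.7:51234
ESTAB  0      0      192.0.2.10:636      198.51.100.8:40022
ESTAB  0      0      192.0.2.10:22       198.51.100.9:50100
ESTAB  0      0      192.0.2.10:41000    203.0.113.20:636
ESTAB  0      0      192.0.2.10:41002    203.0.113.20:636
ESTAB  0      0      192.0.2.10:41004    203.0.113.20:636
""".splitlines()


def classify(lines, ldap_port=LDAPS_PORT):
    """Count established sockets: 'client' (inbound) and 'target:<host>' (outbound)."""
    counts = Counter()
    for line in lines:
        fields = line.split()
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue  # header line, LISTEN, TIME-WAIT and similar states
        local_port = fields[3].rsplit(":", 1)[1]
        peer_host, peer_port = fields[4].rsplit(":", 1)
        if local_port == str(ldap_port):
            counts["client"] += 1  # the side the thread found in cn=Monitor
        elif peer_port == str(ldap_port):
            counts["target:" + peer_host] += 1  # proxy-to-target side
    return counts


def fd_headroom(counts, limit=FD_LIMIT):
    """Descriptors left before accept() fails with errno=24, counting sockets only.

    This is an upper bound: listeners and log files use descriptors too.
    """
    return limit - sum(counts.values())


if __name__ == "__main__":
    tally = classify(SAMPLE)
    for kind, n in sorted(tally.items()):
        print(f"{kind:28} {n}")
    print("headroom:", fd_headroom(tally))
```

A negative or near-zero headroom with a small `client` count points at the proxy-to-target side as the consumer of descriptors, which is the pattern reported above.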