What version of 389-ds-base are you using?
In newer versions we automatically set the server FD limit to the
maximum allowed per process. This can be seen in the errors log at
[09/Nov/2022:16:23:07.100244932 -0500] - INFO - main - Setting the
maximum file descriptor limit to: 524288
389-ds also has no issues with handling 1000's of concurrent
connections. So I suspect this is just a tuning issue, but let us know
what version you are running so we can give you the proper tuning advice.
Now if you have issues with idle/stale connections, or bad clients, then
look into tuning nsslapd-ioblocktimeout (e.g. 10000 => 10 seconds), and
On 11/11/22 9:25 AM, Tobias Ernstberger wrote:
> we're observing the following error message:
> "ERR - accept_and_configure - PR_Accept() failed, Netscape Portable Runtime error -5971 (Process open FD table is full.)"
> Looks like the file descriptors are exhausted, probably mainly used by incoming TCP Connections (based on our investigation regarding open FDs).
> We've set (and checked using the runtime information in /proc/PID/limits) the ulimits and the nsslapd-maxdescriptors to many thousands (while having about 1000 open connection regularly)
> We are investigating in multiple directions here, and have some questions - any input is appreciated:
> 1) We acknowledge that exhausted FDs prevent additional connections to be opened. But we also see, that existing connections are getting unusable, too. Is this a known behaviour? Can this be avoided?
> 2) Is there any chance to limit the number of open connections (lower than the max FDs)? (trying to achieve that existing connections still work)
> 3) What are best practice to prevent the ldap server from getting completely useless (until restart) if a client opens many connections?
> 4) Any additional remarks to prevent this situation?
> Kind regards
> Tobias Ernstberger
> IBM Security
> IBM Deutschland GmbH
> Vorsitzender des Aufsichtsrats: Sebastian Krause
> Geschäftsführung: Gregor Pillen (Vorsitzender), Nicole Reimer, Gabriele Schwarenthorer, Christine Rupp, Frank Theisen
> Sitz der Gesellschaft: Ehningen / Registergericht: Amtsgericht Stuttgart, HRB 14562 / WEEE-Reg.-Nr. DE 99369940
> 389-users mailing list -- firstname.lastname@example.org
> To unsubscribe send an email to email@example.com
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://firstname.lastname@example.org
> Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Directory Server Development Team
389-users mailing list -- email@example.com
To unsubscribe send an email to firstname.lastname@example.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://email@example.com
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Post a Comment