Hello Admins About the problem, there are a new interesting message from Leonard J. Peirce. It4s a good explanation about the problem and how to correct it. > Hi.... > > I replied to your message but sent it directory to the Sun > Managers mailing list in the hope it would be posted for > everyone to see. > I saw your summary and realized that the moderator didn't put > mine out for everyone so I figured I'd pass it along directly to you. > > > Recently, I was installed a openldap software in a Sun > Solaris 9 box. > > Initial tests are ok, but now, when I was migrated my users to this > > system, frequently the ldap daemon stops to work. In the > logs, I was saw this message: > > > > warning: cannot open /etc/hosts.allow: Too many open files > > > > Restarting the slapd daemon, the system works again, but with a > > increment of the network demand, the error goes back and I need to > > restarts again and again and again... > > I searched about it in the net and I discovered something. > Apparently, > > the problem is that the file descriptors of the system is very low > > (256). I was used the 'plimit' command to view the > information of my slapd process: > > Boy, does this sound familiar. > > On Solaris 8 you'll need to increase the number of file > descriptors per process by increasing rlim_fd_max in > /etc/system. The default for Solaris 8 is only 1024. On > Solaris 9 you don't need to do anything because the default > for rlim_fd_max is 65536. See > > > http://docs.sun.com/app/docs/doc/806-7009/6jftnqsjj?a=view#chapter2-31 > > You also need to set ulimit before you start slapd to be able > to use all 65k file descriptors. > > But the biggest problem is actually in TCP wrappers. libwrap > likes to use standard I/O to read hosts.allow/hosts.deny and > with accept()/open()/socket() all competing for file > descriptors a hard-hit, multithreaded server like slapd will > quickly run out once it hits OPEN_MAX (#defined in limits.h) > even if rlim_fd_max is set high. > > We fought this for a while until I made some changes to > OpenLDAP to work around the limitation in libwrap. Basically > I wrote a wrapper function for > open() called stdio_safe_open(). All it does is take the > file descriptor returned by open() and dup()'s it above > OPEN_MAX so it stays out of the way of the fopen() call > libwrap does when it reads hosts.allow/hosts.deny. > I had to wire my new function in several files in the > OpenLDAP source but it worked fine. I sent a message to the > PADL guys detailing what I did but never heard back from them. > > We ran into this TCP wrapper limitation in other places, too. > Stunnel comes immediately to mind. There I also had to > write wrapper functions for accept() and connect() that did > the same thing. Once in place stunnel worked nicely, too. > > Some day, if I get a some free time, I might update TCP > wrappers to not use standard I/O. Until then, if anyone > wants the standard I/O safe versions of accept(), connect(), > and open() I can send them out. > > __ > Leonard J. Peirce Email: leonard.peirce@wmich.edu > Senior UNIX System Administrator > Western Michigan University > Office of Information Technology > Kalamazoo, MI 49008 Phone: (269) 387-5430 _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Fri Mar 11 06:48:33 2005
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:44 EST