Re: 1024 fd limit ?

[Yann Dupont <Yann.Dupont@IPv6.univ-nantes.fr>]

Julio Sánchez Fernández wrote:
> 
> Howard Chu wrote:
> 
> > Sounds like libnss-ldap opens a connection per invocation, or something
> > similar. Since nss is a system-wide service, perhaps it should only open
> > a single connection per client machine. Failing that, set up an LDAP proxy
> > on every client machine that will accept requests on multiple connections
> > and forward them thru a single connection to the main servers.
> 
> No need for that, nscd (the Name Service Cache Daemon) does that.
> 

well nscd was not an option until last week because a bug in libnss-ldap
was leading to an almost immediate lockup.

libnss-lap 122 correct this bug and it's running there along nscd quite
happily now (since 3 days) , that's good news.

> Unfortunately, its long-running nature make it fragile and any problem
> in name service libraries (and this includes nss_ldap and libldap and friends)
> becomes very fatal and it is very easy to lock your system pretty solid.

yes ... since libnss-ldap 122, it seems to runs pretty well now.

> 
> So it takes some experimentation until you have a combination that is
> stable.  But if you have it, the whole system opens a number of
> connections and all processes share them.

well... I thought this too, but it's not what i'm seeing :(

anyway using nscd greatly reduce slapd activity, at least.

And for the 1024 fd limit, ulimit is the answer (see next post)

> 
> Julio