CLOSE_WAIT server sessions

["Hugo Tavares" <htavares@vianetworks.pt>]

 Hi,

I've an RH9 server with openldap 2.2.17 with BDB 4.2 compiled with icc to
authenticate users from a solaris 7 server with nscd (pam_ldap and
nss_ldap).

Sometimes I get thousands of connections between de client and server and
I've to delete the "ldap" entry at nsswitch.conf, because those connections
remains in CLOSE_WAIT for a very long time (hours) and server/client hangs:

(SERVER SIDE)

(lsof -i tcp:389)
slapd   1342 root 1015u  IPv4  24034       TCP zzzz:ldap->xxxxx:25581
(CLOSE_WAIT)
slapd   1342 root 1016u  IPv4  24035       TCP zzzz:ldap->xxxxx:25582
(CLOSE_WAIT)
slapd   1342 root 1017u  IPv4  24036       TCP zzzz:ldap->xxxxx:25583
(CLOSE_WAIT)
(at the moment I've 1053 CLOSE_WAIT connections during 1h:23m)

And at the openldap logs appear: 

Nov 17 14:50:45 ldap slapd[1342]: connection_input: conn=3735 deferring
operation: binding 
Nov 17 14:50:45 ldap slapd[1342]: connection_input: conn=3735 deferring
operation: binding 
Nov 17 14:50:45 ldap slapd[1342]: connection_input: conn=3737 deferring
operation: binding 


(CLIENT SIDE)
No connections

I already use lsof, sysctl, ndd and no use... I've already set ulimit to
16000 because appeared at openldap logs "to many open files"

Are there any issues between nss_ldap/pam_ldap with openLDAP? Or is there
anything that I'm missing?

BTW my relevant confs of slapd.conf:

conn_max_pending        1000
idletimeout     15
sizelimit       25000
threads         64
timelimit       30