Re: running out of file descriptors

[Dave Horsfall <daveh@ci.com.au>]

On Mon, 22 Nov 2004, Quanah Gibson-Mount wrote:

> > Is this a bug in Mozilla, or will an OpenLDAP configuration change and/or
> > upgrade fix the problem.
> 
> An upgrade and defining "idletimeout" in slapd.conf will fix this problem.
> Note that a 2.0 to 2.2 upgrade is not trivial.

But it can be done with a bit of preparation.

The main thing is that objectclass inheritance is now enforced, as are a 
few other things.  I have a Perl script, http://horsfall.org/rdnchk that 
will check and optionally correct a lot of things.

Feed it a SLAPCAT file, and it will tell you what's wrong with it.  Add 
the "-i" flag, and it will check objectclass inheritance as well.  Add the 
"-f" flag, and it will do its best to fix the errors, writing a new file 
on stdout.  The error checking and fixes were determined empirically i.e.
they work for me but not necessarily for everyone.

There's a fair bit of custom stuff in there, which I am slowly moving to a 
separate module to make it more generic.

Beware: it puts the entire tree in memory.  I tried to use tied hashes,
but couldn't get them to work (I suspect my data structures were too much).

The other main thing is that ACLs have changed; pattern matches need to
change to 'access to dn.regex="^uid=.*,dc=.*,dc=cordoors,dc=com$"' etc.

-- 
Dave Horsfall  DTM  VK2KFU  daveh@ci.com.au  Ph: +61 2 8425-5508 (d) -5500 (sw)
Corinthian Engineering, Level 1, 401 Pacific Hwy, Artarmon, NSW 2064, Australia