[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Protecting a slapd Server from Excessive Client Queries

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: Protecting a slapd Server from Excessive Client Queries
From: Howard Chu <hyc@symas.com>
Date: Tue, 07 Feb 2006 15:34:15 -0800
Cc: "Ramseyer, Ken" <ken.ramseyer@lmco.com>, OpenLDAP-software@OpenLDAP.org
In-reply-to: <7.0.1.0.0.20060207150307.03966d98@OpenLDAP.org>
References: <32BA9E46B8BE584A8EEA3D355C00B6339170D0@emss09m08.us.lmco.com> <7.0.1.0.0.20060207150307.03966d98@OpenLDAP.org>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060115 SeaMonkey/1.5a Mnenhy/0.7.3.0

Kurt D. Zeilenga wrote:

At 11:27 AM 2/7/2006, Ramseyer, Ken wrote:
Can OpenLDAP (slapd) be protected from a runaway client process that repeatedly calls ldap_search thousands of times a second?
IIRC, slapd(8) will attempt to prevent a single connection to consume
more than half thread pool.  Of course, client which consumes
half the thread pool for even short periods of time can adversely
affect service to other clients.
Beyond this, no other slapd(8) features come to mind.

And of course, a moderately powerful machine can easily service thousands of searches per second. So the other question is, what are you really trying to protect against?

--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/

References:
- Protecting a slapd Server from Excessive Client Queries
  - From: "Ramseyer, Ken" <ken.ramseyer@lmco.com>
- Re: Protecting a slapd Server from Excessive Client Queries
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: Protecting a slapd Server from Excessive Client Queries
Next by Date: Re: import to openldap
Index(es):
- Chronological
- Thread