I am trying to protect against a client that has somehow ended up in an
infinite loop with no sleep or delay, and this client is calling
ldap_search thousands of times a second. Just one unruly or demanding
client can adversely affect service to all other clients.
Is there a way to configure slapd to prevent a single connection from
consuming less than half of the thread pool, or any other resources
(e.g., CPU, socket connections, etc.)?
Ken R.
-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Howard Chu
Sent: Tuesday, February 07, 2006 6:34 PM
To: Kurt D. Zeilenga
Cc: Ramseyer, Ken; OpenLDAP-software@OpenLDAP.org
Subject: Re: Protecting a slapd Server from Excessive Client Queries
Kurt D. Zeilenga wrote:
At 11:27 AM 2/7/2006, Ramseyer, Ken wrote:
Can OpenLDAP (slapd) be protected from a runaway client process that
repeatedly calls ldap_search thousands of times a second?
IIRC, slapd(8) will attempt to prevent a single connection to consume
more than half thread pool. Of course, client which consumes half the
thread pool for even short periods of time can adversely affect
service to other clients.
Beyond this, no other slapd(8) features come to mind.
And of course, a moderately powerful machine can easily service
thousands of searches per second. So the other question is, what are you
really trying to protect against?