--On Thursday, September 28, 2006 1:46 PM -0700 Chris Adams <[EMAIL PROTECTED]> wrote:


On 2006-09-28, at 1:11 PM, Quanah Gibson-Mount wrote:
If I change the ulimit to 1024, then it fails at:

Sep 28 13:09:59 ldap-test2 slapd[29388]: warning: cannot open /etc/hosts.allow: Too many open files
Sep 28 13:09:59 ldap-test2 slapd[29388]: error: bad option name: "171.64.11.148"
Sep 28 13:09:59 ldap-test2 slapd[29388]: fd=1023 DENIED from 171.64.11.148 (171.64.11.148)

So basically, this is something that can easily be overcome by the
user if they need to, and doesn't require any particular compile
options on the server's side.  I don't really see this as any sort
of DoS issue, but a user configuration issue.  But that's my 2c.

That's a different error than I get - which is why I don't think it's a
tcp wrappers issue. The problem which we see looks like this:

Sep 28 06:30:01 economo slapd[26971]: daemon: 1024 beyond descriptor table size 1024

/etc/init.d/slapd has ulimit -n 8192 (at least since January when
I customized it to deal with #340266); it's also in the
dpkg-default version as well) but slapd will reliably start rejecting
anything beyond the first 1023 connections unless it's built
with OPENLDAP_FD_SETSIZE set to a higher value.

Hm, that's odd. Because it doesn't do that at all for me. Although I'm running on a 64-bit platform, so maybe that's why?

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
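
The difference between the two limits discussed in this thread, as an added example (not code from the thread or from OpenLDAP): raising the process limit, as `ulimit -n 8192` does, lets the kernel hand out descriptors numbered 1024 and above, but a `select()`-style `fd_set` compiled with the default `FD_SETSIZE` still cannot hold them. The helper names are hypothetical, and the example assumes a server that tracks connections in an `fd_set`.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* Guard needed before FD_SET(): an fd_set only has room for descriptors
 * 0..FD_SETSIZE-1, whatever "ulimit -n" allows. FD_SET() on a larger fd
 * writes outside the set, so the connection has to be refused instead. */
int fits_in_fd_set(int fd) { return fd >= 0 && fd < FD_SETSIZE; }

/* Raise the soft RLIMIT_NOFILE (what "ulimit -n" changes) towards `want`,
 * capped at the hard limit. Returns the resulting soft limit, -1 on error. */
long raise_nofile(long want) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0) return -1;
    if (rl.rlim_cur < (rlim_t)want) {
        rl.rlim_cur = (rl.rlim_max == RLIM_INFINITY ||
                       rl.rlim_max > (rlim_t)want) ? (rlim_t)want : rl.rlim_max;
        if (setrlimit(RLIMIT_NOFILE, &rl) != 0) return -1;
    }
    return (long)rl.rlim_cur;
}

/* Get a descriptor numbered >= FD_SETSIZE, as a busy server would after
 * about a thousand connections. Returns -1 if the process limit forbids it. */
int fd_beyond_table(void) {
    int base = open("/dev/null", O_RDONLY);
    if (base < 0) return -1;
    int fd = fcntl(base, F_DUPFD, FD_SETSIZE);
    close(base);
    return fd;
}

int main(void) {
    long lim = raise_nofile(8192);   /* same value as the init script */
    int fd = fd_beyond_table();
    printf("soft limit %ld, FD_SETSIZE %d\n", lim, FD_SETSIZE);
    if (fd < 0) { perror("no descriptor >= FD_SETSIZE"); return 1; }
    printf("kernel returned fd %d; fits in fd_set: %s\n",
           fd, fits_in_fd_set(fd) ? "yes" : "no");
    close(fd);
    return 0;
}
```
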

