Description of problem: There are quite often customer cases about shortage of file descriptors and LDAP client requests not being processed. The shortage is usually caused by a low value set for the nsslapd-conntablesize parameter. The documentation mentions: ========================================== The number of descriptors available for TCP/IP to serve client connections is determined by nsslapd-conntablesize, and is equal to the nsslapd-maxdescriptors attribute minus the number of file descriptors used by the server as specified in the nsslapd-reservedescriptors attribute for non-client connections, such as index management and managing replication. ========================================== Nonetheless the gap usually observed between nsslapd-conntablesize and nsslapd-maxdescriptors ( default values ) looks pretty high. Eg: # dsconf -D "cn=Directory Manager" ldap://localhost:10389 config get nsslapd-conntablesize nsslapd-maxdescriptors Enter password for cn=Directory Manager on ldap://localhost:10389: nsslapd-conntablesize: 1024 nsslapd-maxdescriptors: 262144 # Would it be possible to make sure that the default value for nsslapd-conntablesize is set to something around ( nsslapd-maxdescriptors / 2 ) while keeping it capped to 64K [1] ? [1] https://github.com/389ds/389-ds-base/blob/641221788c6081481d47e658c572fc0b32aed955/ldap/servers/slapd/libglobs.c#L4842 Version-Release number of selected component (if applicable): RHDS 11.4 on RHEL 8.5. How reproducible: Always on my test systems and at customer sites. Steps to Reproduce: Install RHDS and check the default values of both parameters. Actual results: nsslapd-conntablesize is set to 1K Expected results: Have a higher default value. Additional info:
Upstream ticket: https://github.com/389ds/389-ds-base/issues/5469
============================================================================================================ test session starts ============================================================================================================= platform linux -- Python 3.9.17, pytest-7.4.1, pluggy-0.13.1 -- /usr/bin/python3 cachedir: .pytest_cache metadata: {'Python': '3.9.17', 'Platform': 'Linux-5.14.0-362.1.1.el9_3.x86_64-x86_64-with-glibc2.34', 'Packages': {'pytest': '7.4.1', 'pluggy': '0.13.1'}, 'Plugins': {'metadata': '3.0.0', 'html': '4.0.0', 'libfaketime': '0.1.2', 'flaky': '3.7.0'}} 389-ds-base: 2.3.5-1.module+el9dsrv+19320+04706864 nss: 3.90.0-3.el9_2 nspr: 4.35.0-3.el9_2 openldap: 2.6.3-1.el9 cyrus-sasl: 2.1.27-21.el9 FIPS: disabled rootdir: /mnt/tests/rhds/tests/upstream/ds/dirsrvtests configfile: pytest.ini plugins: metadata-3.0.0, html-4.0.0, libfaketime-0.1.2, flaky-3.7.0 collected 2 items dirsrvtests/tests/suites/resource_limits/fdlimits_test.py::test_fd_limits PASSED [ 50%] dirsrvtests/tests/suites/resource_limits/fdlimits_test.py::test_reserve_descriptor_validation PASSED [100%] ============================================================================================================= 2 passed in 20.28s ============================================================================================================= Marking as VERIFIED.
RN passed SME review
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (redhat-ds:12 bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2023:7429