[lug] ulimit for user with no shell
hugh at math.byu.edu
Mon Jul 24 14:17:47 MDT 2006
After doing more searching (and giving ldap a shell and starting it by
hand), the problem seems to be that openldap is hard coded to 1024 even if
the ulimit is higher.
There did seem to be some indication that you shouldn't have that many
open connections and to set the connection timeout to something
appropriate. Otherwise, it means recompiling openldap.
On Mon, 24 Jul 2006, Bamm Visscher wrote:
> Try adding the following to your /etc/pam.d/other:
> session required pam_limits.so
> On 7/24/06, Hugh Brown <hugh at math.byu.edu> wrote:
> > I've got a redhat box running as an ldap server. The openldap daemon runs
> > as user ldap and has a shell of /bin/false.
> > Unfortunately the default number of open files is 1024 (which includes TCP
> > connections). Once the openldap server hits too many open connections, it
> > starts refusing connections.
> > Is it possible (within the redhat framework) to adjust the limit upward
> > w/o giving ldap a shell?
> > I've tried setting /etc/security/limits.conf with
> > * - nofiles 8192
> > and it works when I log in as a regular user, but it doesn't get picked up
> > by the script for /etc/init.d/ldap
> > I've tried adding "ulimit -n 8192" in the /etc/init.d/functions daemon
> > function and it reports setting it, but openldap still refuses connections
> > around 1024.
> > Everything I've found on the web assumes a working shell for the user.
> > TIA,
> > Hugh
> > _______________________________________________
> > Web Page: http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
> sguil - The Analyst Console for NSM
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
More information about the LUG