On 2006-09-28, at 1:11 PM, Quanah Gibson-Mount wrote:
If I change the ulimit to 1024, then it fails at:

Sep 28 13:09:59 ldap-test2 slapd[29388]: warning: cannot open /etc/hosts.allow: Too many open files
Sep 28 13:09:59 ldap-test2 slapd[29388]: error: bad option name: "171.64.11.148"
Sep 28 13:09:59 ldap-test2 slapd[29388]: fd=1023 DENIED from 171.64.11.148 (171.64.11.148)

So basically, this is something that can easily be overcome by the user if they need to, and doesn't require any particular compile options on the server's side. I don't really see this as any sort of DoS issue, but a user configuration issue. But that's my 2c.

That's a different error than I get - which is why I don't think it's a tcp wrappers issue. The problem which we see looks like this:

Sep 28 06:30:01 economo slapd[26971]: daemon: 1024 beyond descriptor table size 1024

/etc/init.d/slapd has ulimit -n 8192 (at least since January when I customized it to deal with #340266; it's also in the dpkg-default version as well) but slapd will reliably start rejecting anything beyond the first 1023 connections unless it's built with OPENLDAP_FD_SETSIZE set to a higher value.

Chris
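
An added illustration, not code from this thread or from OpenLDAP: a server that tracks connections in a select() fd_set can only use descriptors below the compile-time FD_SETSIZE, so raising ulimit -n alone does not raise the ceiling. The function names are hypothetical, the 8192 value is the init-script setting mentioned above, and the log format copies the message quoted above.

```c
#include <stdio.h>
#include <sys/resource.h>
#include <sys/select.h>

/* Largest descriptor count a select()-based server can track: the process
 * limit (ulimit -n) capped by the compile-time FD_SETSIZE of its fd_set. */
static long usable_table_size(rlim_t soft_limit)
{
    if (soft_limit == RLIM_INFINITY || soft_limit > (rlim_t)FD_SETSIZE)
        return FD_SETSIZE;
    return (long)soft_limit;
}

/* A descriptor may be passed to FD_SET() only if it is below the table size;
 * a larger value would write outside the fd_set bitmap. */
static int fd_fits(int fd, long table_size)
{
    return fd >= 0 && (long)fd < table_size;
}

/* Hypothetical accept-path check: returns 0 if the connection can be kept,
 * -1 if it must be closed, logging in the style of the message above. */
static int admit_connection(int fd, long table_size)
{
    if (!fd_fits(fd, table_size)) {
        fprintf(stderr, "daemon: %d beyond descriptor table size %ld\n",
                fd, table_size);
        return -1;
    }
    return 0;
}

int main(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0) { perror("getrlimit"); return 1; }
    printf("ulimit -n (soft): %llu, FD_SETSIZE: %d, usable: %ld\n",
           (unsigned long long)rl.rlim_cur, FD_SETSIZE,
           usable_table_size(rl.rlim_cur));
    /* Constructed case: soft limit raised to 8192, fd_set size unchanged. */
    long size = usable_table_size(8192);
    admit_connection(FD_SETSIZE - 1, size);  /* last descriptor that fits */
    admit_connection(FD_SETSIZE, size);      /* rejected despite ulimit */
    return 0;
}
```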
