At 11:47 AM 3/1/2006, Marten Lehmann wrote:
>I heard that openldap is limited to 1024 concurrent ldap-connections
>from clients, while other directory servers can handle
>millions of them. Is this true?

Like any other userland process, slapd(8) (the OpenLDAP server) is bound by the kernel and other restrictions of the host system. slapd(8) can utilize a number of different system interfaces in managing concurrent connections. Certain system interfaces may have unnatural restrictions imposed upon them by their implementors. For instance, select(3) on some Linux systems is restricted to 1024 descriptors even though the kernel can handle many more. Hence, when using this interface, the number of connections slapd(8) (or any other program using this interface) can manage is restricted to ~1024 (unless certain select(3) workarounds were used effectively).

Fortunately, slapd(8) is able to take advantage of other system interfaces, namely the Linux epoll(2) interface. epoll(2) does not have the unnatural 1024 limit, hence allowing slapd(8) to manage as many connections as the kernel will allow to be established.

Tens of thousands, generally, yes. Millions, well, assuming the kernel didn't have some hard limit, one would generally run out of various other resources (such as RAM) long before you got to a million connections.

I note that other programs, including other directory servers, face the same restrictions and resource limitations. So you should, at a minimum, take others' claims that they can support millions of concurrent connections with a grain of salt.

>If yes, can I define low connection timeouts without problems at the
>client-side?

One can certainly configure slapd(8) to close idle connections... see the idletimeout directive in slapd.conf(5). I cannot speak to how your clients react to connections being closed by the server when idle. I would suspect some handle this well and others don't. This is a topic for a list specific to each particular client.

Kurt
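The descriptor limit discussed in the message above, as an added example that is not part of the original post and is not OpenLDAP code. It shows the bounds check a select-based server needs before calling FD_SET, and that epoll accepts a descriptor numbered at or above FD_SETSIZE. The function names are hypothetical, and it assumes Linux with a hard RLIMIT_NOFILE above FD_SETSIZE.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/epoll.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* select() can only describe descriptors 0..FD_SETSIZE-1. FD_SET with a
 * larger value writes outside the fd_set, so a server must check first. */
int select_can_watch(int fd)
{
    return fd >= 0 && fd < FD_SETSIZE;
}

/* Returns 1 if epoll accepted a descriptor numbered >= FD_SETSIZE,
 * 0 if the process limits would not allow such a descriptor to exist,
 * -1 on an unexpected error. */
int epoll_watch_high_fd(void)
{
    struct rlimit rl;
    rlim_t want = (rlim_t)FD_SETSIZE + 16;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0) return -1;
    if (rl.rlim_cur < want) {              /* raise the soft limit if allowed */
        if (rl.rlim_max < want) return 0;
        rl.rlim_cur = want;
        if (setrlimit(RLIMIT_NOFILE, &rl) != 0) return 0;
    }
    int p[2];
    if (pipe(p) != 0) return -1;
    int high = fcntl(p[0], F_DUPFD, FD_SETSIZE); /* lowest free fd >= FD_SETSIZE */
    int ep = epoll_create1(0);
    int rc = (high < 0) ? 0 : -1;
    if (high >= FD_SETSIZE && ep >= 0) {
        struct epoll_event ev = {0};
        ev.events = EPOLLIN;
        ev.data.fd = high;
        if (!select_can_watch(high) && epoll_ctl(ep, EPOLL_CTL_ADD, high, &ev) == 0)
            rc = 1;                        /* unusable with select, fine with epoll */
    }
    if (ep >= 0) close(ep);
    if (high >= 0) close(high);
    close(p[0]); close(p[1]);
    return rc;
}

int main(void)
{
    printf("FD_SETSIZE=%d epoll_high_fd=%d\n", FD_SETSIZE, epoll_watch_high_fd());
    return 0;
}
```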
