beautypg.com

Nsslapd-maxdescriptors (maximum file descriptors), Note, Nsslapd-maxsasliosize (maximum sasl packet size) – Red Hat 8.1 User Manual

Page 39: Attribute, Section 2.3.1.77, “nsslapd-maxdescriptors, Maximum file descriptors), For more information

background image

Entry DN

cn=config

Valid Range

0 - 2 gigabytes (2,147,483,647 bytes)
Zero 0 means that the default value should be
used.

Default Value

2097152

Syntax

Integer

Example

nsslapd-maxbersize: 2097152

2.3.1.77. nsslapd-maxdescriptors (Maximum File Descriptors)

This attribute sets the maximum, platform-dependent number of file descriptors that the Directory Server
tries to use. A file descriptor is used whenever a client connects to the server and also for some server
activities, such as index maintenance. File descriptors are also used by access logs, error logs, audit
logs, database files (indexes and transaction logs), and as sockets for outgoing connections to other
servers for replication and chaining.

The number of descriptors available for TCP/IP to serve client connections is determined by nsslapd-
conntablesize
, and is equal to the nsslapd-maxdescriptors attribute minus the number of file
descriptors used by the server as specified in the nsslapd-reservedescriptors attribute for non-
client connections, such as index management and managing replication. The nsslapd-
reservedescriptors
attribute is the number of file descriptors available for other uses as described
above. See

Section 2.3.1.89, “nsslapd-reservedescriptors (Reserved File Descriptors)”

.

The number given here should not be greater than the total number of file descriptors that the operating
system allows the ns-slapd process to use. This number differs depending on the operating system.

If this value is set too high, the Directory Server queries the operating system for the maximum allowable
value, and then use that value. It also issues a warning in the error log. If this value is set to an invalid
value remotely, by using the Directory Server Console or ldapmodify, the server rejects the new
value, keep the old value, and respond with an error.

Some operating systems let users configure the number of file descriptors available to a process. See
the operating system documentation for details on file descriptor limits and configuration. The dsktune
program (explained in the Directory Server Installation Guide) can be used to suggest changes to the
system kernel or TCP/IP tuning attributes, including increasing the number of file descriptors if
necessary. Increased the value on this attribute if the Directory Server is refusing connections because
it is out of file descriptors. When this occurs, the following message is written to the Directory Server's
error log file:

Not listening for new connections -- too many fds open

See

Section 2.3.1.38, “nsslapd-conntablesize”

for more information about increasing the number of

incoming connections.

NOTE

UNIX shells usually have configurable limits on the number of file descriptors. See the operating
system documentation for further information about limit and ulimit, as these limits can often
cause problems.

The server has to be restarted for changes to this attribute to go into effect.

Parameter

Description

Entry DN

cn=config

Valid Range

1 to 65535

Default Value

1024

Syntax

Integer

Example

nsslapd-maxdescriptors: 1024

2.3.1.78. nsslapd-maxsasliosize (Maximum SASL Packet Size)

When a user is authenticated to the Directory Server over SASL GSS-API, the server must allocate a
certain amount of memory to the client to perform LDAP operations, according to how much memory the
client requests. It is possible for an attacker to send such a large packet size that it crashes the
Directory Server or ties it up indefinitely as part of a denial of service attack.

The packet size which the Directory Server will allow for SASL clients can be limited using the nsslapd-
maxsasliosize
attribute. This attribute sets the maximum allowed SASL IO packet size that the server
will accept.

Red Hat Directory Server 8.1 Configuration and Command Reference

39