Unix domain socket leak in 6-STABLE

Alexandre Biancalana biancalana at gmail.com
Wed Jun 13 19:38:21 UTC 2007


On 6/13/07, Ulrich Spoerlein <uspoerlein at gmail.com> wrote:
>
> Hi,
>
> as you are aware, there is a unix domain socket leak in 6-STABLE,
> which AFAIK is not yet fully fixed.
>
> I wanted to ask about the status or some possible fixes, as I know a
> way to reproduce the problem in a matter of minutes.
>
> We are running Cyrus and Postfix with the user DB in OpenLDAP. When
> using ldapi://%2fvar%2frun%2fopenldap%2fldapi/ as a connection URL for
> both Postfix' user lookup and cyrus' user lookup (via nss_ldap). slapd
> quickly runs out of filedescriptors as it is not closing any unix
> sockets (judging by ever increasing lsof output).
>
> Using TCP sockets is just fine. If there are patches I could try,
> don't hesitate to send them to me.



Ohhh !! I had exactly the same problem last night.

After change the line of /usr/local/etc/nss_ldap.conf from

uri ldap://127.0.0.1/

to

uri ldapi://%2fvar%2frun%2fopenldap%2fldapi/

The open sockets off this machine started to increase until reach maxfiles
limit and show messages like this:

kernel: kern.maxfiles limit exceeded by uid 65534, please see tuning(7).

and slapd stopped to accept new connections.

During the day (production hours) the number off connections (using TCP
sockets) to OpenLDAP range from 16 to 45. Last night after change the type
connection to Unix Domain Socket the number of connections raised rapidly to
about 4000. I get this numbers using sockstat -c command.

This machine is our Samba PDC, running 6.2-STABLE compile in Apr  5 13:33:50
using samba-3.0.24,1, nss_ldap-1.255, openldap-server-2.3.34_1

I can provide more information if need.

Any Advises/Patches ?

 Best Regards,
Alexandre Biancalana


More information about the freebsd-stable mailing list