Thanks for the help! On the new server, there is nothing related in the errors log. In the access log, I see the successful binds from the old server: [18/Apr/2024:16:10:22.457956096 +0000] conn=182814 op=0 BIND dn="cn=eds2.iam.arizona.edu:389,ou=Services,dc=eds,dc=arizona,dc=edu" method=128 version=3 [18/Apr/2024:16:10:22.465767099 +0000] conn=182814 op=0 RESULT err=0 tag=97 nentries=0 wtime=0.000061482 optime=0.007844345 etime=0.007904970 dn="cn=eds2.iam.arizona.edu:389,ou=services,dc=eds,dc=arizona,dc=edu" [18/Apr/2024:16:10:22.490471613 +0000] conn=182814 op=1 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" [18/Apr/2024:16:10:22.491081053 +0000] conn=182814 op=1 RESULT err=0 tag=101 nentries=1 wtime=0.000113881 optime=0.000613900 etime=0.000727198 [18/Apr/2024:16:10:22.492073298 +0000] conn=182814 op=2 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension" [18/Apr/2024:16:10:22.492563635 +0000] conn=182814 op=2 RESULT err=0 tag=101 nentries=1 wtime=0.000127618 optime=0.000492238 etime=0.000619213 [18/Apr/2024:16:10:22.493480021 +0000] conn=182814 op=3 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multisupplier-extop" [18/Apr/2024:16:10:22.497607017 +0000] conn=182814 op=3 RESULT err=0 tag=120 nentries=0 wtime=0.000045592 optime=0.004128811 etime=0.004173982 There's no more activity from that connection until it times out (10 minute timeout set): [18/Apr/2024:16:20:22.443255138 +0000] conn=182814 op=-1 fd=127 Disconnect - Connection timed out - Idle Timeout (nsslapd-idletimeout) - T1 Other info - Old server: nsslapd-conntablesize: 65535 nsslapd-threadnumber: 96 nsslapd-maxdescriptors: 65535 net.core.somaxconn = 128 net.ipv4.tcp_max_syn_backlog = 2048 New server: nsslapd-conntablesize (attribute doesn't exist in the schema) nsslapd-threadnumber: 16 nsslapd-maxdescriptors: 16384 net.core.somaxconn = 4096 net.ipv4.tcp_max_syn_backlog = 4096 I tried upping the threadnumber and maxdescriptors to match the old server, but that didn't seem to help Old server monitor command: dn: cn=monitor version: 389-Directory/1.3.9.0 B2018.304.1940 threads: 96 connection: (a bunch of these) currentconnections: 80 totalconnections: 858539 currentconnectionsatmaxthreads: 0 maxthreadsperconnhits: 17 dtablesize: 65535 readwaiters: 0 opsinitiated: 8152665 opscompleted: 8152664 entriessent: 160176043 bytessent: 95033377994 currenttime: 20240418184550Z starttime: 20240416182128Z nbackends: 3 New server monitor command: dn: cn=monitor version: 389-Directory/2.5.0 B2024.017.0000 threads: 17 connection: 1:20240417165837Z:3:3:-:cn=Directory Manager:0:0:0:4:ip=local connection: 2:20240418184424Z:3:2:-:cn=directory manager:0:0:0:200246:ip=127.0.0.1 currentconnections: 2 totalconnections: 200246 currentconnectionsatmaxthreads: 0 maxthreadsperconnhits: 0 dtablesize: 16258 readwaiters: 0 opsinitiated: 1913950 opscompleted: 1913949 entriessent: 1945806 bytessent: 206107062 currenttime: 20240418184424Z starttime: 20240417165836Z nbackends: 1 -- _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
