Re: Stability problems with Apache on OS X 10.6 Server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

In users Digest Issue 3741 (21 Dec 2009 15:54:32 -0000), Thomas Scheider wrote:

> [problems with LDAP authentication on 10.6.2]
> After 5000+ SSL requests, users begin to be denied log-in to the web 
> site. In the Apache error_log the following is written:
>  
> [Mon Dec 21 09:14:23 2009] [info] Initial (No.1) HTTPS request received for child 6 (server 172.25.2.99:443)
> could not lookup DNS configuration info service: (ipc/send) invalid destination port
> [...]
> On the same server I have a ProFTPD running which also does log-in 
> verification against the LDAP server and retrieves varios information 
> about the user. The program runs into the same problems, ie. the "could 
> not lookup  ..." begins to appear in the itøs log file, and users are 
> refused access to the FTP server.
> [...]

This would imply that the problem lies not with Apache, but with either
the LDAP server or OS 10.6.2 (which is, I assume, the OS on which the 
Apache and ProFTPd applications are running).

> The messages "could not lookup .." does not begin to appear at the same 
> time in the logfiles. The apache may be running fine, while the FTP server 
> is rejecting users, and wise versa.

I'd suspect that the connections to the LDAP server are not being "cleaned
up", and once the application reaches it's per-process file descriptor limit
it is being denied its request to open another network connection (i.e.,
allocate another file descriptor).  Check the output of:
  lsof -nPi | grep ":389"
(NOTE: You must execute this as "root" in order to see _all_ the connections)
This should show you all the current connections to the LDAP server, which
application/process is "controlling" that connection, and the current
connection state.  

You might also check the system.log; there may be entries in there if the
LDAP connection requests ARE being rejected due to the filedescriptor limit. 

What to do next depends on:
  a) Whether my theory is correct; and,
  b) What state the connections are "hung" in.

Regards,

Michael A. Pasek

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux