pam -> openldap socket connections

We are setting up single sign-on using PAM and OpenLDAP.  Our current config is as follows.
	client systems running
		Redhat 2.4.9-e.27smp
		PAM 0.77
		OpenLDAP 2.0.27-2.7.3

	LDAP server running
		Redhat 2.4.9-e.3
		PAM 0.77
		OpenLDAP 2.0.27-2.7.3

We have also attempted using an LDAP server running Redhat 2.4.9-e.30 with the same problems.

Now for the problem.  When a user performs a login to one of the client systems, there are a number of TCP connections (106 for each login in most instances) opened to the LDAP server.  For each process this user starts, there appear to be new connections to each of the slapd threads running on the LDAP server.  Netstat is showing the status of these connections as "ESTABLISHED".  Is this correct operation?  If so, how can these systems possibly deal with multiple users performing many tasks?

We have had multiple instances of the LDAP server running out of file descriptors.  At this point all connections are hosed because the LDAP server is unable to handle any more connections and quits responding to all requests.  Once we recycle these OpenLDAP processes, everything seems to start functioning again.

It appears we also have instances where connections and file descriptors are not being released because we have bumped the system's file descriptor limit to 65536.  But I will troubleshoot that issue once I have determined the above is correct operation.  IMHO, this large number of connections should not be required.

Has anyone experienced anything like this before?  Is this an OpenLDAP or PAM issue?  I started with this list because I saw a post (http://www.openldap.org/lists/openldap-bugs/200208/msg00001.html) to the OpenLDAP lists that stated this was not an OpenLDAP bug.

Thank you.

Michael Morris
Huntsville Operations Support Center (HOSC)
CSC/NASA
Huntsville, AL
256-544-6192


_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
