Ulrich Drepper wrote:
A brief look at the slapd binary reveals that it uses select() instead of poll(). This means it is bound to the size of __FD_SETSIZE which is 1024.
Aha. That would explain it.
The change in slapd should be fairly simple.
I've noticed that most modern daemons spawn off children to handle requests, which helps limit the number of total files that any one process has open at any one time. That would be a much more involved change, however...
I'll look into the 'simple' change instead.
The fact that you only see this after some time might suggest that the daemon is leaking file descriptors. This should probably be investigated, too.
Are there any particular bits of information that I could be recording during these incidents to help identify if/how leaking is occurring? Since everything in an enterprise stops when authentication does, a reliable openldap is a very big priority for me (and, I'm sure, others as well).
