[Samba] LDAP connection leak?

Andrew Bartlett abartlet at samba.org
Fri Jan 23 22:50:56 GMT 2004


On Sat, 2004-01-24 at 09:09, Wil Cooley wrote:
> I've set up Samba 3 as a PDC/BDC with LDAP.  Yesterday we upgraded from
> 3.0.1 to 3.0.2rc1, which fixed some client-to-client problems we were
> having.  Shortly after midnight this morning the PDC stopped--the
> general syslog logs, the LDAP log, and the Samba logs.  The only process
> that seems to continue is NTP, which after start-up does nothing NSS or
> PAM-related.  This leads me to think slapd is stopping for some reason
> and this total system hang is your general LDAP-NSS/PAM death.  nss_ldap
> and pam_ldap are configured to fail over to the remote slave LDAP
> server, but I just noticed I had the hostname spelled wrong.
> 
> It does, however, indicate a potential problem with Samba--smbd seems to
> make an inordinate number of connections to slapd and I suspect is
> leaking connections.  Here's what slapd started logging, just before
> everything came to a halt:
> 
> Jan 23 00:07:30 teradactyl slapd[31707]: deferring operation
> Jan 23 00:07:37 teradactyl last message repeated 3 times
> Jan 23 00:07:37 teradactyl slapd[31707]: daemon: conn=39649 fd=52 connection from IP=127.0.0.1:42976 (IP=0.0.0.0:389) accepted.
> Jan 23 00:08:07 teradactyl slapd[31707]: deferring operation
> Jan 23 00:08:07 teradactyl slapd[31707]: deferring operation
> Jan 23 00:08:07 teradactyl slapd[31707]: daemon: conn=39650 fd=54 connection from IP=127.0.0.1:42983 (IP=0.0.0.0:389) accepted.
> Jan 23 00:08:34 teradactyl slapd[31707]: daemon: conn=39651 fd=55 connection from IP=127.0.0.1:42990 (IP=0.0.0.0:389) accepted.
> Jan 23 00:08:37 teradactyl slapd[31707]: deferring operation
> Jan 23 00:08:37 teradactyl slapd[31707]: deferring operation
> 
> The connections started a 0 Jan 19th, at 14:35.  Notice, however, how
> high the 'fd=' descriptor is at this point--which leads me to believe
> that Samba isn't closing open socket connections.

I would not think that 52 was high, given the number of files that slapd
has to open before it starts serving connections anyway.

Samba will open one connection per smbd, and nss_ldap will open one per
program using nsswitch.   Standard posix semantics ensures these close
on daemon shutdown.

Do you have anything that indicates that we are actually leaking (rather
than just using) connections?

Andrew Bartlett
-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040124/d6840c3c/attachment.bin


More information about the samba mailing list