NOTE: In the 3.5 version of the driver, the Fan-Out core driver can be configured to load under the Novell Identity Manager Java Remote Loader. This configuration provides the Fan-Out core driver with greater system resources and provides an isolated environment for eDirectory and Identity Manager fault-tolerance.
In UNIX, a file descriptor points to a file opened by a process, which may include files on physical disk, TCP/IP sockets, IPC handles, etc. The number of descriptors a process may have open at any given time is controlled through the user limit called “open files”. Using the “ulimit”command, this can be modified for a particular process. If file descriptors exceed this limit, the process may hang, refuse connections or exhibit otherwise erroneous behavior. By default on most linux systems, this is limit is set to 1024.
Traditionally, physical file I/O use the range of descriptors from 1-256. On Linux, this was extended to 1024, however many versions of Sun's Solaris systems continue to use 1-256, unless the application has been modified with third-party I/O libraries. When other descriptors, such as TCP/IP sockets share this range, the 1-256 or 1-1024 limit may become exhausted and physical file I/O can no longer find free descriptors to use.
The Fan-Out driver runs as a shared library under the eDirectory process (ndsd), which may also be shared with other descriptor-using entities such as NCP services, LDAP services or the Identity Manager engine. Because the Fan-Out driver uses LDAP for information, two sockets are created for each request (one incoming and one outgoing). When you combine the descriptors from the platforms connecting, with the descriptors from the LDAP server and the LDAP client, it's easy to see that the 1-1024 range can be consumed if the number of platforms is large (say > 200, running in persistent mode).
Fortunately, the Fan-Out driver can read the user limit that has been set on the ndsd process and control which descriptors it uses for incoming platforms. By setting the user limit to something large, for example 4096, the Fan-Out driver skips over 1-1024 and begins using descriptors in the range 1024-4096. This allows File I/O and LDAP to compete with the 1-1024 range, which is an adequate pool for descriptor resources. Below is the command for setting the open files user limit:
ulimit -n 4096
This command may be entered at the shell before executing /usr/sbin/ndsd, or placed near the top in the "ndsd" startup script in /etc/init.d/ndsd.
To verify that the user limit has been established, you may run the lsof UNIX command, if it is installed on your system:
on 8.7.x lsof -p `cat /etc/nds/ndsd.pid` on 8.8.x lsof -p `cat /var/opt/novell/eDirectory/data/ndsd.pid`
Look for one of the following lines:
ndsd NNNN root 1024u IPv4 NNNNN TCP *:asam (LISTEN) ndsd NNNN root 1024u IPv4 NNNNN TCP *:3451 (LISTEN)The fourth column shows 1024u, which tells us that the Fan-Out driver is using descriptor 1024 as its listening socket for port 3451.