| Parameter | Description |
|---|---|
| Default Value | /var/opt/dirsrv/slapd-instance_name/lock |
| Syntax | DirectoryString |
| Example | nsslapd-lockdir: /var/opt/dirsrv/slapd-example/lock |

2.3.1.69 nsslapd-maxbersize (Maximum message size)

Defines the maximum size in bytes allowed for an incoming message. This limits the size of LDAP requests that can be handled by the Directory Server. Limiting the size of requests prevents some kinds of denial of service attacks.

The limit applies to the total size of the LDAP request. For example, if the request is to add an entry and if the entry in the request is larger than two megabytes, then the add request is denied. Be cautious before changing this attribute.

| Parameter | Description |
|---|---|
| Entry DN | cn=config |
| Valid Range | 0 - 2 gigabytes (2,147,483,647 bytes). Zero (0) means that the default value should be used. |
| Default Value | 2097152 |
| Syntax | Integer |
| Example | nsslapd-maxbersize: 2097152 |
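
The following added example (Python, not part of the original reference and not Directory Server code) shows why a message size limit bounds the cost of an oversized request: the total size is declared in the BER header, so a server can refuse the message before buffering its body. The function names, the sample headers, and the reading of "total size" as header plus content are assumptions made for illustration.

```python
# Added illustration; not Directory Server source code.
DEFAULT_MAXBERSIZE = 2097152      # documented default
MAX_CONFIGURABLE = 2147483647     # top of the documented valid range


def effective_limit(configured):
    """Resolve a configured nsslapd-maxbersize; 0 selects the default."""
    if not 0 <= configured <= MAX_CONFIGURABLE:
        raise ValueError("nsslapd-maxbersize outside the valid range")
    return configured or DEFAULT_MAXBERSIZE


def declared_size(header):
    """Total size (header plus content) declared by a BER message header.

    Returns None when more header bytes are needed; raises ValueError
    when the header cannot start an LDAP message.
    """
    if len(header) < 2:
        return None
    if header[0] != 0x30:         # an LDAPMessage is a BER SEQUENCE
        raise ValueError("not a BER SEQUENCE")
    first = header[1]
    if first < 0x80:              # short form: the byte is the length
        return 2 + first
    n = first & 0x7F              # long form: n length bytes follow
    if n in (0, 0x7F):            # indefinite (not used by LDAP) or reserved
        raise ValueError("unsupported BER length encoding")
    if len(header) < 2 + n:
        return None
    return 2 + n + int.from_bytes(header[2:2 + n], "big")


def admit(header, configured=0):
    """Decide from the header alone whether to read the message body."""
    size = declared_size(header)
    if size is None:
        return "need-more-bytes"
    return "accept" if size <= effective_limit(configured) else "reject"


# Constructed sample headers (not captured traffic).
SMALL = bytes.fromhex("300c")            # 12 content bytes
AT_LIMIT = bytes.fromhex("30831ffffb")   # 5 + 2097147 = 2097152 bytes
FOUR_MIB = bytes.fromhex("3083400000")   # 5 + 4194304 bytes

if __name__ == "__main__":
    for h in (SMALL, AT_LIMIT, FOUR_MIB):
        print(h.hex(), declared_size(h), admit(h))
```
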

2.3.1.70 nsslapd-maxdescriptors (Maximum file descriptors)

This attribute sets the maximum, platform-dependent number of file descriptors that the Directory Server tries to use. A file descriptor is used whenever a client connects to the server and also for some server activities, such as index maintenance. File descriptors are also used by access logs, error logs, audit logs, database files (indexes and transaction logs), and as sockets for outgoing connections to other servers for replication and chaining.

The number of descriptors available for TCP/IP to serve client connections is determined by nsslapd-conntablesize, and is equal to the nsslapd-maxdescriptors attribute minus the number of file descriptors used by the server as specified in the nsslapd-reservedescriptors attribute for non-client connections, such as index management and managing replication. The nsslapd-reservedescriptors attribute is the number of file descriptors available for other uses as described above. See “nsslapd-reservedescriptors (Reserved file descriptors)”.

The number given here should not be greater than the total number of file descriptors that the operating system allows the ns-slapd process to use. This number differs depending on the operating system.

If this value is set too high, the Directory Server queries the operating system for the maximum allowable value, then uses that value. It also issues a warning in the error log. If this value is set to an invalid value remotely, by using the Directory Server Console or the ldapmodify command, the server rejects the new value, keeps the old value, and responds with an error.

Some operating systems let users configure the number of file descriptors available to a process. See the operating system documentation for details on file descriptor limits and configuration. The dsktune program (explained in the HP-UX Directory Server installation guide) can be used to suggest changes to the system kernel or TCP/IP tuning attributes, including increasing the number of file descriptors if necessary. Increase the value of this attribute if the Directory Server

2.3 Core server configuration attributes reference
