Shibboleth Developers

[Iljun Kim <>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The directory server was installed on 2/24/03.  

The following is from the iPlanet directory server installation
guide.

===

File Descriptors

The system-wide maximum file descriptor table size setting will limit
the number of concurrent connections that can be established to
iPlanet Directory Server. The governing parameter, rlim_fd_max, is set
in the /etc/system file. If this parameter is not present, the maximum
is 1024 by default. It can be raised to 4096 by adding the line

set rlim_fd_max=4096

to

/etc/system

and rebooting the system. This parameter should not be raised above
4096 without first consulting your Sun Solaris support representative
as it may affect the stability of the system.


===


Fyi, the installation instruction was given by Steven Carmody and the
following is the note that I made right after the installation. 


- - The patches 108773-17 108921-16 108940-49 and 112003-03 were
  installed.
- - The following were added to /etc/init.d/inetinit file.
       ndd -set /dev/tcp tcp_time_wait_interval 30000
       ndd -set /dev/tcp tcp_conn_req_max_q 1024
       ndd -set /dev/tcp tcp_keepalive_interval 600000
       ndd -set /dev/tcp tcp_rexmit_interval_initial 500
       ndd -set /dev/tcp tcp_ip_abort_cinterval 10000
       ndd -set /dev/tcp tcp_ip_abort_interval 60000
       ndd -set /dev/tcp tcp_smallest_anon_port 8192
       ndd -set /dev/tcp tcp_deferred_ack_interval 5
       ndd -set /dev/tcp tcp_strong_iss 2
- - The following lines were added to /etc/system file
      set rlim_fd_max=4096
      set rlim_fd_cur=4096
- - The user/group "ldap/ldap" were created and the uid/gid "55/55" were
  assigned to match with shib1 and shib2 servers.


Thanks.

- --IJ.



On Fri, Jul 18, 2003 at 10:33:34AM -0400, Dan Pritts wrote:
> According to his install notes, IJ changed this when he installed the
> SunOne LDAP server.  Presumably this is recommended by the installation
> instructions for that software.
> 
> On Fri, Jul 18, 2003 at 10:10:52AM -0400, Derek Atkins wrote:
> > I certainly never changed it...  It's possible it was changed by
> > a patch, but I can't imagine why.
> > 
> > -derek
> > 
> > Scott Cantor 
> > <>
> >  writes:
> > 
> > > When did the /etc/system file change to include that setting? Because 
> > > the
> > > date on the file before I touched it was months ago, and I know the code
> > > worked since then.
> > > 
> > > I can't explain that, at all. I just know it worked once I commented it 
> > > out
> > > and rebooted.
> > > 
> > > 
> > > For list utilities, archives, subscribe, unsubscribe, etc. please visit 
> > > the
> > > ListProc web interface at 
> > > 
> > >     http://archives.internet2.edu/
> > > 
> > > 
> > 
> 
> 
> danno
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/GBRotxwa8/Dz01YRAnSbAKCX5Zu3/1FcVZNTRhM7KeXjqtIXPwCdENH2
jckEMWhqyNrkWAGRUJQm1wA=
=t8ai
-----END PGP SIGNATURE-----

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

    http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--