Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » increase CLOSED LDAPS Sessions (fixed in 7.4.3) (Version 7.4.1 (OS X) CLOSED LDAPS Sessions (fixed in 7.4.3))
John A.

Messages: 8
Karma: 0
Send a private message to this user
Question if others also see this problem (increase off CLOSED ldaps sessions, not vanishing):

Running KerioConnect version 7.4.1 (build 7267) on OS X server 10.6.8
(500 users)

$lsof -i:636

a couple examples from the 161 entry's (still growing):

mailserve 145 root 1469u IPv4 0xffffff80673cb1c8 0t0 TCP mail.example.tst:ldaps->mac-8-26.example.tst:50983 (CLOSED)
mailserve 145 root 1478u IPv4 0xffffff809e409bd8 0t0 TCP mail.example.tst:ldaps->mac-8-26.example.tst:50714 (CLOSED)
mailserve 145 root 1519u IPv4 0xffffff80673db1c8 0t0 TCP mail.example.tst:ldaps->mac-8-26.example.tst:49518 (CLOSED)
mailserve 145 root 1573u IPv4 0xffffff809cf3f7b8 0t0 TCP mail.example.tst:ldaps->mac-8-5.example.tst:52639 (CLOSED)
mailserve 145 root 1579u IPv4 0xffffff809bbe7bd8 0t0 TCP mail.example.tst:ldaps->mac-4-50.example.tst:51934 (CLOSED)
mailserve 145 root 1594u IPv4 0xffffff809bdbbbd8 0t0 TCP mail.example.tst:ldaps->mac-8-95.example.tst:51192 (CLOSED)
mailserve 145 root 1616u IPv4 0xffffff80673f85e8 0t0 TCP mail.example.tst:ldaps->mac-8-88.example.tst:53723 (CLOSED)
mailserve 145 root 1657u IPv4 0xffffff8067477da8 0t0 TCP mail.example.tst:ldaps->mac-8-6.example.tst:53994 (CLOSED)

the amount is every day growing, they stay in CLOSED state and don't vanish
for the other services like imaps / smtps / https no problems (lsof -nP | grep TCP).

When the max is reached, ldap become in active:
Connection attempt to service LDAPS rejected: too many connections (limit)
Offcourse you can increase the limit, but there will be some day a limit Wink

Stopping kerio, will release it, but is not the solution.

[Updated on: Mon, 03 September 2012 09:26]

Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
Do you know what LDAP clients are running at these Macs?
John A.

Messages: 8
Karma: 0
Send a private message to this user
Used Clients:

Apple Mail (5.2 and 4.5) {osx 10.7 and 10.6}
AddressBook (6.1.2 and 5.0.3) {osx 10.7 and 10.6}

They query the public folder and there own contact folder. There are no messages at the client. When I look at the client network connections, then it's vanished (so normal behavior).

I just did a query on the public folder, with address book version 6.1.2 with the ldaps protocol, and I still see the connection on kerio server:

mailserve 219 root 265u IPv4 0xffffff804c5e97b8 0t0 TCP mail.example.tst:ldaps->jab.example.tst:54841 (CLOSED)
mailserve 219 root 1627u IPv4 0xffffff80439e1418 0t0 TCP mail.example.tst:ldaps->jab.example.tst:50547 (CLOSED)

On the client, the session is vanished already. (above on the server, you see two different sessions hanging in CLOSED state)

[Updated on: Fri, 22 June 2012 19:12]

John A.

Messages: 8
Karma: 0
Send a private message to this user
The same issue, with version 7.4.2 build 7694
After updating, till now about 2 weeks 104 CLOSED ldaps connections

$lsof -i:636 | grep CLOSED | wc -l

(active users, around the 350)

The only solution too kill them is a restart from the server, stopping the service will stop kerio completely, and a restart is needed.

Status: 'awaiting bug fix'
John A.

Messages: 8
Karma: 0
Send a private message to this user
FIXED in release 7.4.3 build 7813 !
Previous Topic: Is it possible to subscribe multiple calendars at once
Next Topic: Start up configuration/setup
Goto Forum:

Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Oct 17 22:23:58 CEST 2017

Total time taken to generate the page: 0.00446 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.