CentOS - May 2014 - Processes launched from rc*.d and ulimit -n

I'm running fedora directory server on some boxes in a multi-master
arrangement.

The problem is that when dirsrv is lauched from init (on boot) the maximum
number of allowed file descriptors (ulimit -n) is only 4096.  That means that
the slapd process can only accept ~4k connections, and it needs to accept ~10k
or so.

The value for nofile for all users in /etc/security/limits.conf (and limits.d/*)
is 65536, and as soon as I restart the process (service dirsrv restart) it comes
up with ulimit -n being 64K, the way it's supposed to.  Why isn't it
doing this at boot?

Right after boot:
ldap07:~ mpatenaude$ ldapsearch -x -h localhost -LLL -D 'cn=directory
manager' -W -b 'cn=config' -s base nsslapd-maxdescriptors
Enter LDAP Password:
dn: cn=config
nsslapd-maxdescriptors: 4096

ldap07:~ mpatenaude$ sudo service dirsrv restart
[sudo] password for mpatenaude:
Shutting down dirsrv:
    ldap07...                                              [  OK  ]
Starting dirsrv:
    ldap07...                                              [  OK  ]

ldap07:~ mpatenaude$ ldapsearch -x -h localhost -LLL -D 'cn=directory
manager' -W -b 'cn=config' -s base nsslapd-maxdescriptors
Enter LDAP Password:
dn: cn=config
nsslapd-maxdescriptors: 65535

Thanks,
  -- Mitch Patenaude

> The value for nofile for all users in /etc/security/limits.conf (and
limits.d/*) is 65536, and as soon as I restart the process (service dirsrv
restart) it comes up with ulimit -n being 64K, the way it's supposed to. 
Why isn't it doing this at boot?
I figured out part of this: limits.conf is read by pam_limits.so, so until you
log in, it isn't effective.  I don't have an elegant solution, but my
hackish solution so far is just to put a "ulimit -n 65536" into the
init script.  Does anybody have a better (more elegant) solution?

  -- Mitch Patenaude

Mitch Patenaude wrote:
> I'm running fedora directory server on some boxes in a multi-master
> arrangement.
> 
> The problem is that when dirsrv is lauched from init (on boot) the
> maximum number of allowed file descriptors (ulimit -n) is only 4096.
> That means that the slapd process can only accept ~4k connections,
> and it needs to accept ~10k or so.
There was a thread about just this in the last couple of weeks or so - see:

<http://lists.centos.org/pipermail/centos/2014-April/142407.html>

and continued from:

<http://lists.centos.org/pipermail/centos/2014-May/142635.html>

James Pearson