Maresca, Steven <steven.mare...@uconn.edu> wrote: > > I'm experiencing rlm_ldap errors "All ldap connections are in use" > fairly regularly, even after adjusting 'ldap_connections_number' in > radiusd.conf to a fairly high value. > > Aside from failed authentications corresponding with these errors, > everything is behaving properly. The LDAP server itself is responding > correctly when queried, and it is running on localhost. > > Any suggestions for alleviating congestion or otherwise preventing > this problem? > Although it might be local and 'working', the queries you make against the LDAP server could be taking 5 seconds a piece (which sounds like the effect of the problem you are experiencing).
Check that you are not making needlessly expensive lookups on your LDAP server, such as: ---- (&(uid=bob)(accountstate=enabled)) ---- When instead you should use: ---- (&(objectclass=user)(uid=bob)(accountstate=enabled)) ---- As well as checking that your queries are sane, also check that your LDAP database is properly indexed. Speak to your local LDAP admin for advice. Cheers -- Alexander Clouter .sigmonster says: That that is is that that is not is not. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html