I am the LDAP admin :). The lookup being performed is simply existence of the uid, and no more. Queries to the LDAP server are essentially instantaneous and indexing is on uid.
That's why this is particularly curious - the LDAP server is operating perfectly by every metric, but freeradius rlm_ldap is running out of connections in its pool. -s ________________________________________ From: freeradius-users-bounces+steven.maresca=uconn....@lists.freeradius.org [freeradius-users-bounces+steven.maresca=uconn....@lists.freeradius.org] On Behalf Of Alexander Clouter [a...@digriz.org.uk] Sent: Tuesday, February 08, 2011 2:05 PM To: freeradius-users@lists.freeradius.org Subject: Re: rlm_ldap error "All ldap connections are in use" Maresca, Steven <steven.mare...@uconn.edu> wrote: > > I'm experiencing rlm_ldap errors "All ldap connections are in use" > fairly regularly, even after adjusting 'ldap_connections_number' in > radiusd.conf to a fairly high value. > > Aside from failed authentications corresponding with these errors, > everything is behaving properly. The LDAP server itself is responding > correctly when queried, and it is running on localhost. > > Any suggestions for alleviating congestion or otherwise preventing > this problem? > Although it might be local and 'working', the queries you make against the LDAP server could be taking 5 seconds a piece (which sounds like the effect of the problem you are experiencing). Check that you are not making needlessly expensive lookups on your LDAP server, such as: ---- (&(uid=bob)(accountstate=enabled)) ---- When instead you should use: ---- (&(objectclass=user)(uid=bob)(accountstate=enabled)) ---- As well as checking that your queries are sane, also check that your LDAP database is properly indexed. Speak to your local LDAP admin for advice. Cheers -- Alexander Clouter .sigmonster says: That that is is that that is not is not. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
