Le vendredi 25 septembre 2009 19:02:41, Amos Jeffries a écrit :
> Luis Daniel Lucio Quiroz wrote:
> > Hi there, it's me again
> > Well as many of you knows, I have a squid+ldap+digest_auth
> > implementation. However I've realize that there are an excess of this
> > logs:
> >
> > digest_pw_auth(LDAP_backend) WARNING, LDAP error 'No such object'
> > digest_pw_auth(LDAP_backend) WARNING, LDAP error 'No such object'
> > digest_pw_auth(LDAP_backend) WARNING, LDAP error 'No such object'
> > digest_pw_auth(LDAP_backend) WARNING, LDAP error 'No such object'
> > digest_pw_auth(LDAP_backend) WARNING, LDAP error 'No such object'
> > digest_pw_auth(LDAP_backend) WARNING, LDAP error 'No such object'
> >
> > I know that this means that someone is trying to authenticate with an
> > user that it does not exists in ldap. However they are so many and I
> > afraid that this could be a cause that slows internet surfering because
> > squid wates its time looking for something it does not exists.
> >
> > I dont know usernames users try. I just wonder if there is a way to tell
> > squid to ignore usernames that they doesnt exists.
> >
> > Maybe an external ACL with 2 days cache?
> >
> > LD
>
> Not sure if it will help. You probably want to find out where all these
> bad requests are coming from and handle the problem. Adding a TTL is
> just a bandaid.
>
> If you are using external_acl_type directive as part of your ath you can
> add some efficiency with the ttl= and negative_ttl= options (the number
> of seconds to cache the results).
>
> Amos
>
Thanx Amos
