Crashes with 1.0.4/1.0.5, perhaps connected with slow LDAP backend?
Martin Pauly
pauly at hrz.uni-marburg.de
Thu Sep 29 11:16:58 CEST 2005
> Yes. If all of the threads are blocked forever, waiting for the DB
> to return data, then the queue of requests grows without bounds. At
> some point, the server says "I'm not making progress, and I can't
> recover from this", and kills itself.
hm, I thought the timeout values were for this, but I now understand
that an LDAP communication might get stuck halfway, thus _not_
triggering a timeout event.
> Since the server is *already* effectively dead at that point, it
> makes no difference to your network.
>
> The solution is to fix the database so that it doesn't kill the
> server.
well, we should perhaps be able to wait for a database going and
come back again after a minute without crashing the daemon.
Anyway, I'm now going with an increased ldap_connections_number (100 instead of 5),
and increased LDAP timeouts as well.
What about max_request_time and delete_blocked_requests -- isn't this
exactly what is needed to protect the server from being blocked?
Cheers, Martin
--
Dr. Martin Pauly Fax: 49-6421-28-26994
HRZ Univ. Marburg Phone: 49-6421-28-23527
Hans-Meerwein-Str. E-Mail: pauly at HRZ.Uni-Marburg.DE
D-35032 Marburg
More information about the Freeradius-Users
mailing list