rlm_ldap error "All ldap connections are in use"
Alexander Clouter
alex at digriz.org.uk
Tue Feb 8 20:05:49 CET 2011
Maresca, Steven <steven.maresca at uconn.edu> wrote:
>
> I'm experiencing rlm_ldap errors "All ldap connections are in use"
> fairly regularly, even after adjusting 'ldap_connections_number' in
> radiusd.conf to a fairly high value.
>
> Aside from failed authentications corresponding with these errors,
> everything is behaving properly. The LDAP server itself is responding
> correctly when queried, and it is running on localhost.
>
> Any suggestions for alleviating congestion or otherwise preventing
> this problem?
>
Although it might be local and 'working', the queries you make against
the LDAP server could be taking 5 seconds a piece (which sounds like the
effect of the problem you are experiencing).
Check that you are not making needlessly expensive lookups on your LDAP
server, such as:
----
(&(uid=bob)(accountstate=enabled))
----
When instead you should use:
----
(&(objectclass=user)(uid=bob)(accountstate=enabled))
----
As well as checking that your queries are sane, also check that your
LDAP database is properly indexed.
Speak to your local LDAP admin for advice.
Cheers
--
Alexander Clouter
.sigmonster says: That that is is that that is not is not.
More information about the Freeradius-Users
mailing list