LDAP module locks

Alan DeKok aland at ox.org
Thu Feb 9 17:56:14 CET 2006

Peter Manckok <peter_manckok at yahoo.es> wrote:
> Why don´t you use the pthread_mutex_lock function
> instead in order to wait until the connection is
> unlocked?

  Because the LDAP server may be blocked.  So waiting for the lock
means waiting for 20-30 seconds, which is unacceptabled.

  The current implementation allows the server to fail over to a
second LDAP database if all of the connections to the first one are

  Also, the configurationj limits the number of connections to the
LDAP server, to avoid overloading it with RADIUS requests.  Once the
number of connections are limited, you *have* to fail when all are in

  This makes the server more robust, because it gracefully handles
failures, rather than stopping dead.

  Alan DeKok.

More information about the Freeradius-Users mailing list