rlm_ldap error "All ldap connections are in use"

Alexander Clouter alex at digriz.org.uk
Tue Feb 8 20:05:49 CET 2011


Maresca, Steven <steven.maresca at uconn.edu> wrote:
>
> I'm experiencing rlm_ldap errors "All ldap connections are in use" 
> fairly regularly, even after adjusting 'ldap_connections_number' in 
> radiusd.conf to a fairly high value.
>
> Aside from failed authentications corresponding with these errors, 
> everything is behaving properly. The LDAP server itself is responding 
> correctly when queried, and it is running on localhost.
> 
> Any suggestions for alleviating congestion or otherwise preventing 
> this problem?
> 
Although it might be local and 'working', the queries you make against
the LDAP server could be taking 5 seconds apiece (which sounds like the
effect of the problem you are experiencing).

Check that you are not making needlessly expensive lookups on your LDAP 
server, such as:
----
(&(uid=bob)(accountstate=enabled))
----

When instead you should use:
----
(&(objectclass=user)(uid=bob)(accountstate=enabled))
----

As well as checking that your queries are sane, also check that your 
LDAP database is properly indexed.

Speak to your local LDAP admin for advice.

Cheers

-- 
Alexander Clouter
.sigmonster says: That that is is that that is not is not.
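
The reasoning in the reply above, as an added example that is not part of the original post and is not FreeRADIUS code: a small model of a fixed-size connection pool, showing why slow queries exhaust the pool regardless of how it is sized. It assumes evenly spaced requests, a fixed query time, and that a request fails at once when no connection is free; the function names and the sample numbers are constructed for illustration.

```python
import heapq


def required_connections(rate_per_s, query_ms):
    """Connections held at steady state: arrival rate times hold time (Little's law)."""
    return -(-rate_per_s * query_ms // 1000)  # integer ceiling


def simulate(pool_size, rate_per_s, query_ms, duration_s):
    """Count requests that find every connection busy.

    Model assumptions (not rlm_ldap's real scheduler): one request every
    1000 // rate_per_s milliseconds, each holding a connection for exactly
    query_ms, and a request is rejected immediately if the pool is full.
    """
    interval_ms = 1000 // rate_per_s
    busy = []  # min-heap of the times at which held connections are released
    rejected = 0
    for i in range(rate_per_s * duration_s):
        now = i * interval_ms
        # Return connections whose query has finished by now.
        while busy and busy[0] <= now:
            heapq.heappop(busy)
        if len(busy) < pool_size:
            heapq.heappush(busy, now + query_ms)
        else:
            rejected += 1  # the "All ldap connections are in use" case
    return rejected


if __name__ == "__main__":
    # Constructed load: 20 authentications per second for one minute.
    for pool, query_ms in [(5, 5000), (50, 5000), (100, 5000), (5, 50)]:
        failed = simulate(pool, 20, query_ms, 60)
        need = required_connections(20, query_ms)
        print(f"pool={pool:3d} query={query_ms:4d}ms "
              f"needed={need:3d} rejected={failed} of 1200")
```

With a 5-second query the pool has to hold 100 connections to keep up with 20 requests per second, while a 50 ms query needs one, which is why fixing the filter and the indexes does more than raising the connection count.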




More information about the Freeradius-Users mailing list