rlm_ldap error "All ldap connections are in use"

Maresca, Steven steven.maresca at uconn.edu
Tue Feb 8 20:15:08 CET 2011


I am the LDAP admin :).
The lookup being performed is simply existence of the uid, and no more. Queries to the LDAP server are essentially instantaneous and indexing is on uid. 

That's why this is particularly curious - the LDAP server is operating perfectly by every metric, but freeradius rlm_ldap is running out of connections in its pool.

-s
________________________________________
From: freeradius-users-bounces+steven.maresca=uconn.edu at lists.freeradius.org [freeradius-users-bounces+steven.maresca=uconn.edu at lists.freeradius.org] On Behalf Of Alexander Clouter [alex at digriz.org.uk]
Sent: Tuesday, February 08, 2011 2:05 PM
To: freeradius-users at lists.freeradius.org
Subject: Re: rlm_ldap error "All ldap connections are in use"

Maresca, Steven <steven.maresca at uconn.edu> wrote:
>
> I'm experiencing rlm_ldap errors "All ldap connections are in use"
> fairly regularly, even after adjusting 'ldap_connections_number' in
> radiusd.conf to a fairly high value.
>
> Aside from failed authentications corresponding with these errors,
> everything is behaving properly. The LDAP server itself is responding
> correctly when queried, and it is running on localhost.
>
> Any suggestions for alleviating congestion or otherwise preventing
> this problem?
>
Although it might be local and 'working', the queries you make against
the LDAP server could be taking 5 seconds a piece (which sounds like the
effect of the problem you are experiencing).

Check that you are not making needlessly expensive lookups on your LDAP
server, such as:
----
(&(uid=bob)(accountstate=enabled))
----

When instead you should use:
----
(&(objectclass=user)(uid=bob)(accountstate=enabled))
----

As well as checking that your queries are sane, also check that your
LDAP database is properly indexed.

Speak to your local LDAP admin for advice.

Cheers

--
Alexander Clouter
.sigmonster says: That that is is that that is not is not.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list