ldap server connection timeout
Alexander Clouter
alex at digriz.org.uk
Tue May 3 21:56:12 CEST 2011
Daniel Davidson <danield at igb.uiuc.edu> wrote:
>
> My new wireless network tested great, but now that I have rolled it out
> to the entire building, I get error messages like:
>
> Mon May 2 15:15:06 2011 : Error: rlm_ldap: ldap_search() failed: Timed
> out while waiting for server to respond. Please increase the timeout.
>
> And when these trigger, nearly everyone gets disconnected for about 5
> seconds. Possible relevant code from ldap module:
>
> ldap {
> #private stuff <-- BUT CRUCIAL!
> ldap_connections_number = 15
> timeout = 10
> timelimit = 10
> net_timeout = 5
> }
>
> The only existing firewalls are on the machines themselves and the ip
> range of the servers are open with each other. Any ideas?
>
I am guessing your LDAP server is *way* too slow when processing the
queries you are making it munch through. Typical 'first-timer' mistakes are
that you are not indexing the important attributes. For example our
filter looks like:
filter = "(&(objectClass=Person)(|(businessCategory=staff)(businessCategory=student)(cn=avg*))(|(!(loginDisabled=*))(loginDisabled=FALSE))(cn=%{Stripped-User-Name}))"
This takes ~0.02s to respond for us, how long does it take to process
the query at your end (test with the following and remember to test
the server when it is under load, which is probably why it worked
before you widely deployed it):
----
time ldapsearch -h ldap-server.example.com -x -LLL '<query>'
----
Where <query> is what you see FreeRADIUS make in the output of 'radiusd
-X'.
Cheers
--
Alexander Clouter
.sigmonster says: "Out of register space (ugh)"
-- vi
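
Editor's added example (not part of the original message and not FreeRADIUS code): this Python script lists which attributes the filter quoted above searches on and with which kind of match, which is the list to compare against the directory server's index configuration. It matches leaf assertions with a regular expression rather than a full RFC 4515 parser and ignores extensible-match assertions; `index_needs` and `match_kind` are names chosen here.

```python
import re
from collections import defaultdict

# Filter copied from the message above; %{Stripped-User-Name} is expanded
# by FreeRADIUS at run time and is treated here as a plain value.
FILTER = ("(&(objectClass=Person)"
          "(|(businessCategory=staff)(businessCategory=student)(cn=avg*))"
          "(|(!(loginDisabled=*))(loginDisabled=FALSE))"
          "(cn=%{Stripped-User-Name}))")

# A leaf assertion is "(attr OP value)" with no nested parentheses; RFC 4515
# requires literal parentheses inside values to be escaped as \28 and \29.
LEAF = re.compile(r"\(([A-Za-z][A-Za-z0-9;.-]*)(~=|>=|<=|=)([^()]*)\)")

def match_kind(op, value):
    """Classify one assertion by the kind of index that can serve it."""
    if op == "~=":
        return "approximate"
    if op in (">=", "<="):
        return "ordering"
    if value == "*":
        return "presence"
    if "*" in value:          # an escaped asterisk is written \2a, not *
        return "substring"
    return "equality"

def index_needs(ldap_filter):
    """Return {attribute: [match kinds]} for every leaf in the filter."""
    if ldap_filter.count("(") != ldap_filter.count(")"):
        raise ValueError("unbalanced parentheses in filter")
    needs = defaultdict(set)
    for attr, op, value in LEAF.findall(ldap_filter):
        # Attribute names are case-insensitive in LDAP, so fold them.
        needs[attr.lower()].add(match_kind(op, value))
    if not needs:
        raise ValueError("no attribute assertions found in filter")
    return {attr: sorted(kinds) for attr, kinds in sorted(needs.items())}

if __name__ == "__main__":
    for attr, kinds in index_needs(FILTER).items():
        print(f"{attr}: {', '.join(kinds)}")
```

How each match kind is declared as an index depends on the directory server in use.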