Re: [squid-users] Limitations of Squid_ldap_group

From: PONCIN Louis <[email protected]>
Date: Fri, 09 Jan 2004 08:43:10 +0100

In fact we have 26 LDAP groups

1)
At first, we started the following processes
2004/01/08 17:11:56| helperOpenServers: Starting 10 'squid_ldap_auth'
processes
2004/01/08 17:11:57| helperOpenServers: Starting 5 'squid_ldap_group'
processes

And we got this in the cache.log
2004/01/08 17:12:01| FD 58 Closing HTTP connection
2004/01/08 17:12:01| externalAclLookup: 'ldapgroup' queue overload
2004/01/08 17:12:01| externalAclLookup: 'ldapgroup' queue overload

Indeed when we tried to authentify users some where recognized and
authorized and others (from other groups) weren't granted the internet
access (although they were in an authorized group).

2)
Thus we decided to start a few more processes (50 squid_ldap_auth and 15
squid_ldap_group)

At this time a couple of users that where formerly denied the internet
access were allowed to have the access. But some of the people that
could access the web before were then denied it ?

3)
Finally, we intended to set only a limited number of LDAP group (4-5) in
the squid.conf
acl group_Internet external ldapgroup GR-I-group1 GR-I-group2
GR-I-group3 GR-I-group4

Here we have had absolutely no pb to authentify the users and grant the
access rights.

=====>
Our questions are :
a)Is there a ratio of processes numbers between
- the number of potential users
- the number of squid_ldap_auth processes
- the number of squid_ldap_group processes
- the number of groups we have in our squid.conf

b) Is there a maximum LDAP groups we can search through ?

Thanks

Henrik Nordstrom wrote:

>>As an information in the squid.conf we have this message:
>>*externalAclLookup: ' ldapgroup' tail overload*
>>
>>
>
>Explanation please.
>
>
Received on Fri Jan 09 2004 - 00:49:02 MST

This archive was generated by hypermail pre-2.1.9 : Sun Feb 01 2004 - 12:00:05 MST