[Auth_ldap] auth_ldap tweaks?
dchan at mail.cdmnetworks.com
Thu Nov 30 12:23:10 PST 2000
I've recently been trying four different versions of auth_ldap.
184.108.40.206 (came with the dell powerapp, and has a size of about 28k)
220.127.116.11, 1.4.6, 1.5.0 (these all compiled with Netscape libs and work to an extent)
What I'm seeing under load is that I authenticate for every flow from the page (graphics).
This appears to be instigating a 3-bind per image condition which is immune to caching (the words "authenticated from cache" never show up and there are a flurry of binds).
Early on I was using 1.4.3, and I would see it reach 255 client connections to the directory server, and then it would lock-out any other auth requests (I'm thinking it's a defined param in the /usr/include/apache/httpd.h, HARD_SERVER_LIMIT, which on a *nix box is usually 256)
I'm running apache 1.3.12, with the following params:
require group cn=Administrators, o=cdmnetworks.com
Under a load of less than 10 binds/sec, with fewer than 255 active connections to the directory server things work fine, but higher than that and authentication skids out bad.
When I can authenticate to a group with geninue "uid" objects things work really well (caching, etc), but 99% of all authentications are being made against groups of uniquenames.
BTW...I'm compiling/running this module on a RH 6.2 distro, and compiling on one line using apxs after dancing with the Makefile for too long and not getting anywhere. If it helps explain my problems, here is the line I used:
/usr/sbin/apxs -I/home/dchan/mozilla/dist/Linux2.2.14-5.0_x86_DBG.OBJ/include -L/home/dchan/mozilla/dist/Linux2.2.14-5.0_x86_DBG.OBJ/lib -lldap -llbe
r -i -a -c auth_ldap.c auth_ldap_config.c auth_ldap_cache.c
More information about the Auth_ldap