[Auth_ldap] auth_ldap tweaks?

dchan dchan at mail.cdmnetworks.com
Thu Nov 30 12:23:10 PST 2000 

I've recently been trying four different versions of auth_ldap. 
1.4.0.3 (came with the dell powerapp, and has a size of about 28k)
1.4.4.3, 1.4.6, 1.5.0 (these all compiled with Netscape libs and work to an extent)

What I'm seeing under load is that I authenticate for every flow from the page (graphics).
This appears to be instigating a 3-bind per image condition which is immune to caching (the words "authenticated from cache" never show up and there are a flurry of binds). 

Early on I was using 1.4.3, and I would see it reach 255 client connections to the directory server, and then it would lock-out any other auth requests (I'm thinking it's a defined param in the /usr/include/apache/httpd.h, HARD_SERVER_LIMIT, which on a *nix box is usually 256)

I'm running apache 1.3.12, with the following params:
(from httpd.conf)
KeepAlive Off
MinSpareServers 30
MaxSpareServers 512
StartServers 64
MaxClients 256
MaxRequestsPerChild 0

AuthLDAPCacheSize -1
AuthLDAPOpCacheSize -1

<Directory "/home/httpd/html">
Options -Indexes
<Limit HEAD>
  require valid-user
</Limit>
AuthName "Testing"
AuthType Basic
AuthLDAPAuthoritative on
AuthLDAPBindDN "cn=DirectoryManager"
AuthLDAPBindPassword foobarblatz
AuthLDAPURL ldap://127.0.0.1:389/o=cdmnetworks.com?uid?
require group cn=Administrators, o=cdmnetworks.com
</Directory>

Under a load of less than 10 binds/sec, with fewer than 255 active connections to the directory server things work fine, but higher than that and authentication skids out bad.

When I can authenticate to a group with geninue "uid" objects things work really well (caching, etc), but 99% of all authentications are being made against groups of uniquenames.

BTW...I'm compiling/running this module on a RH 6.2 distro, and compiling on one line using apxs after dancing with the Makefile for too long and not getting anywhere. If it helps explain my problems, here is the line I used:

/usr/sbin/apxs -I/home/dchan/mozilla/dist/Linux2.2.14-5.0_x86_DBG.OBJ/include -L/home/dchan/mozilla/dist/Linux2.2.14-5.0_x86_DBG.OBJ/lib -lldap -llbe
r -i -a -c auth_ldap.c auth_ldap_config.c auth_ldap_cache.c

More information about the Auth_ldap mailing list