From: | David Kerr <dmk(at)mr-paradox(dot)net> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Problems Authenticating against OpenLDAP |
Date: | 2010-12-06 17:00:19 |
Message-ID: | 20101206170019.GC43436@mr-paradox.net |
Lists: | pgsql-general |

I've recently configured Postgres (8.3) to authenticate against OpenLDAP.

This is my pg_hba.conf entry:

```
host all all 0.0.0.0/0 ldap "ldap://ldapserver/dc=mydomain,dc=com;uid=;,ou=postgresql,dc=mydomain,dc=com"
```

Things are working fine most of the time.

However, every once in a while I'm getting something along the lines of:

```
Dec 6 08:17:24 devcell-db1 postgres[12401]: [2-1] user=xxx.yyyyyyy,db=userdb,trans=0[] LOG: LDAP login failed for user "uid=xxx.yyyyyyy,ou=postgresql,dc=mydomain,dc=com" on
Dec 6 08:17:24 devcell-db1 postgres[12401]: [2-2] server "ldapserver": error code -1
```

The problem is, I'm not seeing a corresponding error on the OpenLDAP side.

Also, it seems like this only happens under load, like if someone does a unit test that connects to the database 100 times in a few seconds.

Has anyone dealt with this? I've been trying to tune OpenLDAP to handle more concurrent connections, but without much success. I've set in my /etc/openldap/slapd.conf

```
threads 32
concurrency 100
```

and in /etc/ldap.conf

```
threads 100
idle_timelimit 60
bind_timelimit 120
```

The fact that it's not even logging the failure worries me, like something's causing the request not even to hit the server.

Any ideas would be greatly appreciated.

Thanks
Dave
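
An added example, not part of the original message: a Python script that rejoins the split `[2-1]`/`[2-2]` syslog fragments in the layout quoted above and flags bursts of LDAP login failures, to test the post's observation that they cluster under load. The sample lines, hosts, users, window and threshold are constructed, and the year is an assumption because syslog timestamps carry none.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the syslog layout quoted in the post; hosts, users and PIDs are invented.
SAMPLE = """\
Dec 6 08:17:24 db1 postgres[12401]: [2-1] user=a.user,db=userdb,trans=0[] LOG: LDAP login failed for user "uid=a.user,ou=postgresql,dc=example,dc=com" on
Dec 6 08:17:24 db1 postgres[12405]: [2-1] user=a.user,db=userdb,trans=0[] LOG: LDAP login failed for user "uid=a.user,ou=postgresql,dc=example,dc=com" on
Dec 6 08:17:24 db1 postgres[12401]: [2-2] server "ldapserver": error code -1
Dec 6 08:17:24 db1 postgres[12405]: [2-2] server "ldapserver": error code -1
Dec 6 08:17:25 db1 postgres[12409]: [2-1] user=a.user,db=userdb,trans=0[] LOG: LDAP login failed for user "uid=a.user,ou=postgresql,dc=example,dc=com" on
Dec 6 08:17:25 db1 postgres[12409]: [2-2] server "ldapserver": error code -1
Dec 6 09:40:02 db1 postgres[13777]: [2-1] user=b.user,db=userdb,trans=0[] LOG: LDAP login failed for user "uid=b.user,ou=postgresql,dc=example,dc=com" on
Dec 6 09:40:02 db1 postgres[13777]: [2-2] server "ldapserver": error code 49
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ postgres\[(\d+)\]: \[(\d+)-(\d+)\]\s*(.*)$")
FAIL = re.compile(r'LDAP login failed for user "([^"]+)" on\s+server "([^"]+)": error code (-?\d+)')

def parse_failures(text, year=2010):
    """Rejoin [N-1]/[N-2] fragments per backend PID; `year` is assumed (syslog omits it)."""
    open_msgs, records, out = {}, [], []
    for raw in text.splitlines():
        if not (m := LINE.match(raw)):
            continue
        ts, pid, msgno, seq, body = m.groups()
        if seq == "1":  # first fragment starts a new message, even if the PID was reused
            open_msgs[pid, msgno] = rec = [ts, body]
            records.append(rec)
        elif (pid, msgno) in open_msgs:  # continuation, possibly interleaved with other PIDs
            open_msgs[pid, msgno][1] += " " + body
    for ts, msg in records:
        f = FAIL.search(msg)
        if f:
            when = datetime.strptime(f"{year} " + " ".join(ts.split()), "%Y %b %d %H:%M:%S")
            out.append({"time": when, "dn": f.group(1), "server": f.group(2), "code": int(f.group(3))})
    return out

def bursts(failures, window_s=5, threshold=3):
    """Return (start_time, count) for each run of >= threshold failures within window_s."""
    times = sorted(f["time"] for f in failures)
    found, i = [], 0
    while i < len(times):
        j = i
        while j < len(times) and times[j] - times[i] <= timedelta(seconds=window_s):
            j += 1
        if j - i >= threshold:
            found.append((times[i], j - i))
        i = j if j - i >= threshold else i + 1
    return found
```

Comparing the burst start times with the slapd connection log for the same seconds shows whether the failing binds ever reached the directory server.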