
Re: LDAP Server causing panic?



On Thursday 01 August 2002 05:08, Adam Williams wrote:
> > From experience, there is no actual lockout, but the clients are actually
> >waiting for an answer from the ldap server, which of course doesn't come.
> >They usually have a timeout configured somewhere, and if this timeout is
> >long, then your client machines could wait up to one hour for an answer
> > from the ldap server.  Try setting the timeout in your ldap.conf and
> > pam_ldap.conf files to something short, like 5 or 10 seconds.  eg:
> > "timelimit 5"
>
> What platform?  Is an nss cache running, such as nscd?  nss calls are
> blocking, so a 'hang' is normal,  but in a perfect world it should time
> out (of course, and then potentially crash).

SuSE Linux Professional 7.3 and 8.0, tested with OpenLDAP 1.2.13 and 2.0.23.
Yes, nscd does run, we have the cache cleaned out every 60 seconds for
passwords and every 1 hour for group info, so it has virtually no effect on
authentication, which is what I think Caylan wanted to do.

One question, what do you mean by crash?  If the ldap server fails to answer,
and the user's password is only on the server, the authentication fails and
the user can't log in.  From what I see, nothing "crashes".

Ian
PS: Any subsequent answers to this that are necessary from me will probably
come tomorrow....
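
The timeout advice quoted above ("timelimit 5") can be checked mechanically. The following is an added example, not part of the original thread: a small auditor for ldap.conf-style text that flags client timeouts that are missing or longer than the 10 seconds suggested in the thread. The sample configuration is constructed, and `bind_timelimit` is an nss_ldap/pam_ldap option the thread does not mention.

```python
# Added example: audit ldap.conf / pam_ldap.conf text for client timeouts.
# Options checked: "timelimit" (from the thread) and "bind_timelimit"
# (nss_ldap/pam_ldap connect timeout; not mentioned in the thread).
CHECKED = ("timelimit", "bind_timelimit")

# Constructed sample input, not taken from any real host.
SAMPLE_CONF = """\
# constructed sample
host ldap.example.com
base dc=example,dc=com
TIMELIMIT 3600
"""


def parse_conf(text):
    """Return {option: value}; keys lower-cased, later lines override earlier."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return opts


def audit(text, max_seconds=10):
    """Return a list of (option, problem) for risky or missing timeouts."""
    opts = parse_conf(text)
    findings = []
    for name in CHECKED:
        value = opts.get(name)
        if value is None:
            findings.append((name, "not set"))
        elif not value.isdigit():
            findings.append((name, "not a number"))
        elif int(value) == 0:
            # Assumption: 0 is treated as "no limit", i.e. wait indefinitely.
            findings.append((name, "0 means no limit"))
        elif int(value) > max_seconds:
            findings.append((name, f"{value}s exceeds {max_seconds}s"))
    return findings


if __name__ == "__main__":
    for option, problem in audit(SAMPLE_CONF):
        print(f"{option}: {problem}")
```
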