Re: [squid-users] Limitations of Squid_ldap_group

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 9 Jan 2004 09:45:35 +0100 (CET)

On Fri, 9 Jan 2004, PONCIN Louis wrote:

> In fact we have 26 LDAP groups
>
> 1)
> At first, we started the following processes
> 2004/01/08 17:11:56| helperOpenServers: Starting 10 'squid_ldap_auth'
> processes
> 2004/01/08 17:11:57| helperOpenServers: Starting 5 'squid_ldap_group'
> processes
>
> And we got this in the cache.log
> 2004/01/08 17:12:01| FD 58 Closing HTTP connection

This is on shutdown.

> 2004/01/08 17:12:01| externalAclLookup: 'ldapgroup' queue overload
> 2004/01/08 17:12:01| externalAclLookup: 'ldapgroup' queue overload

What Squid version?

> 2)
> Thus we decided to start a few more processes (50 squid_ldap_auth and 15
> squid_ldap_group)
>
> At this time a couple of users that were formerly denied the internet
> access were allowed to have the access. But some of the people that
> could access the web before were then denied it?

Should not happen, unless as indicated earlier if a request to
squid_ldap_group exceeded 256 characters.

> 3)
> Finally, we intended to set only a limited number of LDAP groups (4-5) in
> the squid.conf
> acl group_Internet external ldapgroup GR-I-group1 GR-I-group2
> GR-I-group3 GR-I-group4
>
> Here we have had absolutely no problem authenticating the users and granting the
> access rights.
>
> =====>
> Our questions are :
> a)Is there a ratio of processes numbers between
> - the number of potential users
> - the number of squid_ldap_auth processes
> - the number of squid_ldap_group processes
> - the number of groups we have in our squid.conf

No, but as I said, the more groups you have, the longer squid_ldap_group
will require on each lookup, and the busier your LDAP server will be.

> b) Is there a maximum LDAP groups we can search through ?

The sum of all groups plus login name must not exceed 256 characters
(including space separator characters and newline).

Regards
Henrik
Received on Fri Jan 09 2004 - 04:32:04 MST
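
Added example, not part of the reply above and not Squid's own code: a Python check that reads `acl NAME external ldapgroup ...` lines and reports whether the request sent to squid_ldap_group stays within the 256-character limit stated above. Assumptions: the request is the login name followed by the groups, separated by single spaces and ended by a newline, with no escaping; acl lines sharing a name accumulate their groups; the function names and the sample configuration are constructed for illustration.

```python
LIMIT = 256  # limit stated in the reply: groups + login + separators + newline


def external_acl_groups(conf_text, acl_type="ldapgroup"):
    """Collect the group arguments of each 'acl NAME external TYPE ...' line."""
    acls = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split()
        if (len(words) >= 4 and words[0] == "acl"
                and words[2] == "external" and words[3] == acl_type):
            # Assumption: lines with the same acl name add to one group list.
            acls.setdefault(words[1], []).extend(words[4:])
    return acls


def request_length(login, groups):
    """Login, one space before each group, and the trailing newline."""
    return len(login) + sum(1 + len(g) for g in groups) + 1


def audit(conf_text, longest_login, acl_type="ldapgroup", limit=LIMIT):
    """Per acl: worst-case request length and the longest login that still fits."""
    report = {}
    for name, groups in external_acl_groups(conf_text, acl_type).items():
        fixed = request_length("", groups)  # part that does not depend on the user
        report[name] = {
            "groups": len(groups),
            "worst_case": fixed + longest_login,
            "max_login": limit - fixed,  # negative: no login name fits at all
            "ok": fixed + longest_login <= limit,
        }
    return report


# Constructed sample: 26 groups on one acl versus 4 groups on another.
SAMPLE_CONF = "\n".join([
    "# constructed sample, not the poster's real squid.conf",
    "acl group_All external ldapgroup " + " ".join(f"GR-I-group{i}" for i in range(1, 14)),
    "acl group_All external ldapgroup " + " ".join(f"GR-I-group{i}" for i in range(14, 27)),
    "acl group_Internet external ldapgroup GR-I-group1 GR-I-group2 GR-I-group3 GR-I-group4",
])

if __name__ == "__main__":
    for name, row in audit(SAMPLE_CONF, longest_login=20).items():
        print(name, row)
```

When `max_login` is positive but small, only users with long login names go over the limit, so the failure depends on who is asking.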
