Re: [squid-users] Too many ldap tryes

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 26 Sep 2009 12:02:41 +1200

Luis Daniel Lucio Quiroz wrote:
> Hi there, it's me again
> Well, as many of you know, I have a squid+ldap+digest_auth implementation.
> However, I've realized that there is an excess of these logs:
>
> digest_pw_auth(LDAP_backend) WARNING, LDAP error 'No such object'
> digest_pw_auth(LDAP_backend) WARNING, LDAP error 'No such object'
> digest_pw_auth(LDAP_backend) WARNING, LDAP error 'No such object'
> digest_pw_auth(LDAP_backend) WARNING, LDAP error 'No such object'
> digest_pw_auth(LDAP_backend) WARNING, LDAP error 'No such object'
> digest_pw_auth(LDAP_backend) WARNING, LDAP error 'No such object'
>
> I know that this means that someone is trying to authenticate with a user
> that does not exist in LDAP. However, there are so many, and I am afraid that
> this could be a cause that slows internet surfing because squid wastes its
> time looking for something that does not exist.
>
> I don't know which usernames users try. I just wonder if there is a way to tell
> squid to ignore usernames that do not exist.
>
> Maybe an external ACL with 2 days cache?
>
> LD

Not sure if it will help. You probably want to find out where all these
bad requests are coming from and handle the problem. Adding a TTL is
just a bandaid.

If you are using external_acl_type directive as part of your auth you can
add some efficiency with the ttl= and negative_ttl= options (the number
of seconds to cache the results).

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19
   Current Beta Squid 3.1.0.13
Received on Sat Sep 26 2009 - 00:02:46 MDT
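
Added example, not part of the original thread and not Squid project code: one way to follow the advice above and find where the failing requests come from, by counting proxy-auth denials per client address. It assumes Squid's native access.log layout and that failed proxy authentication is logged as TCP_DENIED/407; the sample lines, addresses and thresholds are constructed for illustration.

```python
"""Count Squid proxy-auth denials (TCP_DENIED/407) per client address."""
from collections import defaultdict

# Constructed sample in Squid's native access.log layout (assumed):
# time elapsed client code/status bytes method URL user hierarchy type
SAMPLE_LOG = """\
1253923361.101   2 192.0.2.10 TCP_DENIED/407 1789 GET http://example.com/ - NONE/- text/html
1253923361.340  85 192.0.2.10 TCP_MISS/200 5120 GET http://example.com/ alice DIRECT/198.51.100.7 text/html
1253923362.002   1 192.0.2.55 TCP_DENIED/407 1789 GET http://example.net/check - NONE/- text/html
1253923362.510   1 192.0.2.55 TCP_DENIED/407 1789 GET http://example.net/check - NONE/- text/html
1253923363.017   1 192.0.2.55 TCP_DENIED/407 1789 GET http://example.net/check - NONE/- text/html
1253923363.200  40 192.0.2.10 TCP_MISS/200 2048 GET http://example.com/a.css alice DIRECT/198.51.100.7 text/css
1253923363.522   1 192.0.2.55 TCP_DENIED/407 1789 GET http://example.net/check - NONE/- text/html
1253923364.001   1 192.0.2.77 TCP_DENIED/407 1789 GET http://example.org/feed - NONE/- text/html
1253923365.001   1 192.0.2.77 TCP_DENIED/407 1789 GET http://example.org/feed - NONE/- text/html
1253923366.001   1 192.0.2.77 TCP_DENIED/407 1789 GET http://example.org/feed - NONE/- text/html
"""


def tally(lines):
    """Return {client: [denied_407, total_requests]}."""
    counts = defaultdict(lambda: [0, 0])
    for line in lines:
        fields = line.split()
        if len(fields) < 7:
            continue  # skip blank or truncated lines
        client, result = fields[2], fields[3]
        counts[client][1] += 1
        if result.endswith("/407"):
            counts[client][0] += 1
    return dict(counts)


def noisy_clients(lines, min_denied=3, min_ratio=0.9):
    """Clients whose requests are almost all 407s, busiest first.

    A working browser is challenged with a 407 and then succeeds, so its
    ratio stays well below 1.0. Both thresholds are assumed defaults.
    """
    hits = []
    for client, (denied, total) in tally(lines).items():
        if denied >= min_denied and denied / total >= min_ratio:
            hits.append((client, denied, total))
    return sorted(hits, key=lambda h: h[1], reverse=True)


if __name__ == "__main__":
    for client, denied, total in noisy_clients(SAMPLE_LOG.splitlines()):
        print(f"{client}: {denied} of {total} requests denied with 407")
```

Clients that appear in the result never complete authentication, which usually points at a misconfigured application or stale stored credentials on that host rather than at a person typing a wrong name.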
