saslatuhd, ldap, login incorrect :(

Igor Brezac igor at ipass.net
Fri Nov 8 00:30:40 EST 2002 

On Thu, 7 Nov 2002, Felix Cuello wrote:

> On Thu, Nov 07, 2002 at 11:20:22AM -0500, Kervin L. Pierre wrote:
> > Try running ethereal and listening to the ldap traffic when the bad
> > logins occur.  Or running OpenLDAP with extra logging.
>
>
> Sorry for the long post, but... do you think that this could be the
> problem?, How can I solve that?
>
>
> Some information:
>
> model name      : Pentium III (Coppermine)
> stepping        : 6
> cpu MHz         : 996.928
> cache size      : 256 KB
>
> # free
> total       used       free     shared    buffers
> cached
> Mem:        514432     275884     238548          0
> 88024     148112
> -/+ buffers/cache:      39748     474684
> Swap:       522232          0     522232
>
>
> Felix
>
> ----/var/log/messages-----------------------
>
> v  4 18:06:52 sinclair saslauthd[29347]: ldap_search_st() failed: Timed
> out
> Nov  4 18:06:53 sinclair saslauthd[29348]: ldap_search_st() failed:
> Timed out
> Nov  4 18:06:59 sinclair saslauthd[29346]: ldap_search_st() failed:
> Timed out
> Nov  4 18:07:02 sinclair saslauthd[29347]: ldap_search_st() failed:
> Timed out
> Nov  4 18:07:05 sinclair saslauthd[29348]: ldap_search_st() failed:
> Timed out
> Nov  4 18:07:06 sinclair saslauthd[29344]: ldap_search_st() failed:
> Timed out
> Nov  4 18:07:06 sinclair saslauthd[29345]: ldap_search_st() failed:
> Timed out
> Nov  4 18:07:07 sinclair saslauthd[29346]: ldap_search_st() failed:
> Timed out
> Nov  4 18:07:20 sinclair saslauthd[29344]: ldap_search_st() failed:
> Timed out

> Nov  4 18:19:08 sinclair saslauthd[29344]: ldap_search_st() failed:
> Timed out
> Nov  4 18:19:15 sinclair saslauthd[29346]: ldap_search_st() failed:
> Timed out
> Nov  4 18:19:16 sinclair saslauthd[29347]: ldap_search_st() failed:
> Timed out
> Nov  4 18:19:20 sinclair saslauthd[29348]: ldap_search_st() failed:
> Timed out
> Nov  4 18:19:20 sinclair saslauthd[29344]: ldap_search_st() failed:
> Timed out
> Nov  4 18:39:01 sinclair saslauthd[29348]: ldap_search_st() failed:
> Timed out
> Nov  4 18:39:03 sinclair saslauthd[29344]: ldap_search_st() failed:
> Timed out
> Nov  4 18:39:03 sinclair saslauthd[29345]: ldap_search_st() failed:
> Timed out
> Nov  4 18:40:47 sinclair saslauthd[29344]: ldap_search_st() failed:
> Timed out
> Nov  4 18:40:55 sinclair saslauthd[29345]: ldap_search_st() failed:
> Timed out
> Nov  5 19:02:12 sinclair saslauthd[32617]: ldap_search_st() failed:
> Timed out
>
>

It looks like you are hitting ldap_timeout, default is 5 seconds.  You
might fix the problem if you increase the value of this parameter.

However, if your ldap query takes seconds, your clients will experience
authenication/authorization delays and/or you may run into auth failures
if you have a high number of simultaneous saslauthd authentications.
Check your ldap index configuration.

-- 
Igor

More information about the Info-cyrus mailing list