[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Crashes with 1.0.4/1.0.5, 	perhaps connected with slow LDAP
From:       Martin Pauly <pauly () hrz ! uni-marburg ! de>
Date:       2005-09-29 9:16:58
Message-ID: 200509291116.58704.pauly () hrz ! uni-marburg ! de
[Download RAW message or body]

>   Yes.  If all of the threads are blocked forever, waiting for the DB
> to return data, then the queue of requests grows without bounds.  At
> some point, the server says "I'm not making progress, and I can't
> recover from this", and kills itself.
hm, I thought the timeout values were for this, but I now understand
that an LDAP communication might get stuck halfway, thus _not_ 
triggering a timeout event.

>   Since the server is *already* effectively dead at that point, it
> makes no difference to your network.
>
>   The solution is to fix the database so that it doesn't kill the
> server.
well, we should perhaps be able to wait for a database going and
come back again after a minute without crashing the daemon.

Anyway, I'm now going with an increased ldap_connections_number (100 instead of 5),
and increased LDAP timeouts as well. 
What about max_request_time and delete_blocked_requests -- isn't this
exactly what is needed to protect the server from being blocked?

Cheers, Martin

-- 
  Dr. Martin Pauly     Fax:    49-6421-28-26994            
  HRZ Univ. Marburg    Phone:  49-6421-28-23527
  Hans-Meerwein-Str.   E-Mail: pauly@HRZ.Uni-Marburg.DE  
  D-35032 Marburg                                                           
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]