1) At first, we started the following processes 2004/01/08 17:11:56| helperOpenServers: Starting 10 'squid_ldap_auth' processes 2004/01/08 17:11:57| helperOpenServers: Starting 5 'squid_ldap_group' processes
And we got this in the cache.log 2004/01/08 17:12:01| FD 58 Closing HTTP connection 2004/01/08 17:12:01| externalAclLookup: 'ldapgroup' queue overload 2004/01/08 17:12:01| externalAclLookup: 'ldapgroup' queue overload
Indeed when we tried to authentify users some where recognized and authorized and others (from other groups) weren't granted the internet access (although they were in an authorized group).
2) Thus we decided to start a few more processes (50 squid_ldap_auth and 15 squid_ldap_group)
At this time a couple of users that where formerly denied the internet access were allowed to have the access. But some of the people that could access the web before were then denied it ?
3) Finally, we intended to set only a limited number of LDAP group (4-5) in the squid.conf acl group_Internet external ldapgroup GR-I-group1 GR-I-group2 GR-I-group3 GR-I-group4
Here we have had absolutely no pb to authentify the users and grant the access rights.
=====> Our questions are : a)Is there a ratio of processes numbers between - the number of potential users - the number of squid_ldap_auth processes - the number of squid_ldap_group processes - the number of groups we have in our squid.conf
b) Is there a maximum LDAP groups we can search through ?
Thanks
Henrik Nordstrom wrote:
As an information in the squid.conf we have this message: *externalAclLookup: ' ldapgroup' tail overload*
Explanation please.
