Luis Daniel Lucio Quiroz wrote:
Hi there, it's me again
Well as many of you knows, I have a squid+ldap+digest_auth implementation.
However I've realize that there are an excess of this logs:
digest_pw_auth(LDAP_backend) WARNING, LDAP error 'No such object'
digest_pw_auth(LDAP_backend) WARNING, LDAP error 'No such object'
digest_pw_auth(LDAP_backend) WARNING, LDAP error 'No such object'
digest_pw_auth(LDAP_backend) WARNING, LDAP error 'No such object'
digest_pw_auth(LDAP_backend) WARNING, LDAP error 'No such object'
digest_pw_auth(LDAP_backend) WARNING, LDAP error 'No such object'
I know that this means that someone is trying to authenticate with an user
that it does not exists in ldap. However they are so many and I afraid that
this could be a cause that slows internet surfering because squid wates its
time looking for something it does not exists.
I dont know usernames users try. I just wonder if there is a way to tell
squid to ignore usernames that they doesnt exists.
Maybe an external ACL with 2 days cache?
LD
Not sure if it will help. You probably want to find out where all these
bad requests are coming from and handle the problem. Adding a TTL is
just a bandaid.
If you are using external_acl_type directive as part of your ath you can
add some efficiency with the ttl= and negative_ttl= options (the number
of seconds to cache the results).
Amos
--
Please be using
Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19
Current Beta Squid 3.1.0.13
