Luis Daniel Lucio Quiroz wrote:
> Hi there, it's me again
> Well as many of you knows, I have a squid+ldap+digest_auth implementation.
> However I've realize that there are an excess of this logs:
>
> digest_pw_auth(LDAP_backend) WARNING, LDAP error 'No such object'
> digest_pw_auth(LDAP_backend) WARNING, LDAP error 'No such object'
> digest_pw_auth(LDAP_backend) WARNING, LDAP error 'No such object'
> digest_pw_auth(LDAP_backend) WARNING, LDAP error 'No such object'
> digest_pw_auth(LDAP_backend) WARNING, LDAP error 'No such object'
> digest_pw_auth(LDAP_backend) WARNING, LDAP error 'No such object'
>
> I know that this means that someone is trying to authenticate with an user
> that it does not exists in ldap. However they are so many and I afraid that
> this could be a cause that slows internet surfering because squid wates its
> time looking for something it does not exists.
>
> I dont know usernames users try. I just wonder if there is a way to tell
> squid to ignore usernames that they doesnt exists.
>
> Maybe an external ACL with 2 days cache?
>
> LD
Not sure if it will help. You probably want to find out where all these
bad requests are coming from and handle the problem. Adding a TTL is
just a bandaid.
If you are using external_acl_type directive as part of your ath you can
add some efficiency with the ttl= and negative_ttl= options (the number
of seconds to cache the results).
Amos
-- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19 Current Beta Squid 3.1.0.13Received on Sat Sep 26 2009 - 00:02:46 MDT
This archive was generated by hypermail 2.2.0 : Mon Sep 28 2009 - 12:00:03 MDT