In fact we have 26 LDAP groups

At first, we started the following processes
2004/01/08 17:11:56| helperOpenServers: Starting 10 'squid_ldap_auth'
2004/01/08 17:11:57| helperOpenServers: Starting 5 'squid_ldap_group'

And we got this in the cache.log
2004/01/08 17:12:01| FD 58 Closing HTTP connection
2004/01/08 17:12:01| externalAclLookup: 'ldapgroup' queue overload
2004/01/08 17:12:01| externalAclLookup: 'ldapgroup' queue overload

Indeed when we tried to authentify users some where recognized and
authorized and others (from other groups) weren't granted the internet
access (although they were in an authorized group).

Thus we decided to start a few more processes (50 squid_ldap_auth and 15

At this time a couple of users that where formerly denied the internet
access were allowed to have the access. But some of the people that
could access the web before were then denied it ?

Finally, we intended to set only a limited number of LDAP group (4-5) in
the squid.conf
acl group_Internet external ldapgroup GR-I-group1 GR-I-group2
GR-I-group3 GR-I-group4

Here we have had absolutely no pb to authentify the users and grant the
access rights.

Our questions are :
a)Is there a ratio of processes numbers between
- the number of potential users
- the number of squid_ldap_auth processes
- the number of squid_ldap_group processes
- the number of groups we have in our squid.conf

b) Is there a maximum LDAP groups we can search through ?


Henrik Nordstrom wrote:

>>As an information in the squid.conf we have this message:
>>*externalAclLookup: ' ldapgroup' tail overload*

>Explanation please.