Hello Christian,

So, based on this feedback I have tried configuring the following:

ldap:
  config:
    server_uri:
        …
    number_of_workers: 8
    lookup_pool_size: 4
    lookup_idle_pool_size: 4
    auth_pool_size: 4
    auth_idle_pool_size: 4

This seems to, indeed, help, but not for long.
After restarting Nauthilus and watching the logs with a low volume of traffic, for the first few minutes everything seems to be working as expected.
Then, at some point, I start to get LDAP lookup failures and then these continue. At this point I stop new traffic to the server and suspend the test. I have done this a few times.

I do not directly have the resources to build a new release myself (mainly the time to setup a build server and figure out what I need).
I hope my last mail is still of some value. I will try to take a look at the last commits and review the diff.

Thanks for all your assistance and what I do hope will become a very useful tool for us in the area of Authentication and Authorization, the possibilities are exciting.

Regards,

Chris

From: Christian Rößner via Nauthilus-users <nauthilus-users@lists.nauthilus.org>
Sent: Wednesday, December 17, 2025 12:01
To: Christopher Moules <Christopher.Moules@post.lu>
Cc: Main list for Nauthilus users <nauthilus-users@lists.nauthilus.org>
Subject: [Nauthilus-users] Re: Why do I get "passdb_backend=unknown" for a subset of requests
 
ATTENTION: Ce mail provient de l'extérieur de Post. Ne cliquez pas sur les liens ou n'ouvrez pas les pièces jointes à moins de connaitre l'expéditeur et d'être sûr que le contenu est inoffensif. En cas de doute sur son origine ou si vous pensez qu'il est suspect, nous vous prions de rapporter cet évènement par email à cybersos@post.lu.


Hi,

I found an issue with the LDAP pool management and have fixed it.

As a small workaround:

Could you set the *_pool_size and *_idle_pool_size parameters to higher values? Set the idde-params to the same values as the non-idle ones.

If it gets better, my fix might be correct. Still waiting for the crash dump. I would like to see, if it addresses to „closing idle connection“.

I am testing the code changes today and if no further errors occur will release a hot fix tomorrow. The code is already committed in main, if you want to give it a try.

Kind regards

Christian

Could these "busy or closed" LDAP instances #3-#8 be causing the "unknown" backend?

I don’t think so, but of course I will investigate this.

What I see from the logs is that LDAP is telling you that it did not find the user: UserFound:false

Do you see LDAP-filter logs? If so, can you manually check if that filter works?

Kind regards

Christian

Rößner-Network-Solutions
Zertifizierter ITSiBe / CISO
Marburger Str. 70a, 36304 Alsfeld
Mobil: +49 171 9905345
USt-IdNr.: DE225643613, https://roessner.website
PGP fingerprint: 658D 1342 B762 F484 2DDF 1E88 38A5 4346 D727 94E5

Nauthilus-users mailing list -- nauthilus-users@lists.nauthilus.org
To unsubscribe send an email to nauthilus-users-leave@lists.nauthilus.org

Rößner-Network-Solutions
Zertifizierter ITSiBe / CISO
Marburger Str. 70a, 36304 Alsfeld
Mobil: +49 171 9905345
USt-IdNr.: DE225643613, https://roessner.website
PGP fingerprint: 658D 1342 B762 F484 2DDF 1E88 38A5 4346 D727 94E5