Hi,
thank you very much for your feedback. I think I might have found the issue now. Your response shows a major problem with a cache in front of LDAP filters. Unfortunately the macros have not been expanded before the given filter was used as a cache key. A user request with a failed login could cause cache poisoning.
I will try to fix this asap.
Kind regards
Christian
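The cache-key bug described above, as an added example that is not Nauthilus's own code: a result cache in front of an LDAP search keyed on the raw filter template (macro not yet expanded) makes every username share one entry, so one failed lookup for a non-existent user poisons the cache and existing users come back as not found; keying on the expanded filter fixes it. The %u macro, the (uid=...) filter shape and the directory contents are assumptions constructed for this example.

```go
package main

import (
	"strings"
)

// Constructed stand-in for the LDAP directory: only these accounts exist.
var directory = map[string]bool{"alice": true, "bob": true}

// expandMacros fills the %u macro in a filter template. The macro name is
// an assumption for this example, not Nauthilus's real macro syntax.
func expandMacros(template, user string) string {
	return strings.ReplaceAll(template, "%u", user)
}

// ldapSearch simulates the backend: does the expanded filter match a user?
func ldapSearch(expanded string) bool {
	name := strings.TrimSuffix(strings.TrimPrefix(expanded, "(uid="), ")")
	return directory[name]
}

// Lookup is a result cache in front of the LDAP search. keyOnExpanded
// selects whether the cache key is the expanded filter (correct) or the raw
// template (the bug: all users then share a single cache entry).
type Lookup struct {
	cache         map[string]bool
	keyOnExpanded bool
}

func NewLookup(keyOnExpanded bool) *Lookup {
	return &Lookup{cache: map[string]bool{}, keyOnExpanded: keyOnExpanded}
}

// UserFound returns the (possibly cached) search result for user.
func (l *Lookup) UserFound(template, user string) bool {
	expanded := expandMacros(template, user)
	key := template
	if l.keyOnExpanded {
		key = expanded
	}
	if found, ok := l.cache[key]; ok {
		return found // cache hit: no LDAP search, hence no "filter=" log line
	}
	found := ldapSearch(expanded)
	l.cache[key] = found
	return found
}
```

With the template-keyed cache, a first lookup for a non-existent user stores false under "(uid=%u)" and every later user, alice included, is served UserFound:false from the cache without a search ever being logged.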
On 17 Dec 2025, at 15:37, Christopher Moules wrote:
Hello Again,
I have just observed something that might be of value.
The service is working fine, until we hit the case “Login Fail – User not exist” – (at this point the LDAP filter is logged).
After this happens, I start to get many login failures where there is no “filter=” logged and existing users have ‘UserFound:false’ logged.
Multiple Nauthilus restarts with Redis flushes have shown this same behaviour and it is with different non-existing users.
In all cases I am seeing ‘msg="Connection #1 is free, using it"’.
It could be that the user lookup failure is somehow blocking the LDAP connection, causing future lookups to fail.
I am not pushing enough traffic at the server to see if ‘Connection #2’ or more do not have this issue. As soon as I see the problems, I am cutting the traffic to the server.
I had a very quick look at the commit messages you made and saw that things were mainly related to LDAP pool exhaustion.
Given the above, this does not look to be that case.
I had just reconfigured my ‘nauthilus.yml’, in the light of this, to have the following:
ldap:
  config:
    server_uri:
      …
    number_of_workers: 16
    lookup_pool_size: 8
    lookup_idle_pool_size: 8
    auth_pool_size: 8
    auth_idle_pool_size: 8
When we started, I had not modified any of these settings from ‘default’. I had reduced the numbers in the hope that this may help with the issue.
Regards,
Chris
From: Christopher Moules via Nauthilus-users <nauthilus-users@lists.nauthilus.org>
Sent: 17 December 2025 15:07
To: Christopher Moules <Christopher.Moules@post.lu>
Cc: Main list for Nauthilus users <nauthilus-users@lists.nauthilus.org>
Subject: [Nauthilus-users] Re: Why do I get "passdb_backend=unknown" for a subset of requests
Hello Christian,
So, based on this feedback I have tried configuring the following:
ldap:
  config:
    server_uri:
      …
    number_of_workers: 8
    lookup_pool_size: 4
    lookup_idle_pool_size: 4
    auth_pool_size: 4
    auth_idle_pool_size: 4
This seems to, indeed, help, but not for long.
After restarting Nauthilus and watching the logs with a low volume of traffic, for the first few minutes everything seems to be working as expected.
Then, at some point, I start to get LDAP lookup failures and then these continue. At this point I stop new traffic to the server and suspend the test. I have done this a few times.
I do not directly have the resources to build a new release myself (mainly the time to setup a build server and figure out what I need).
I hope my last mail is still of some value. I will try to take a look at the last commits and review the diff.
Thanks for all your assistance and what I do hope will become a very useful tool for us in the area of Authentication and Authorization, the possibilities are exciting.
Regards,
Chris
From: Christian Rößner via Nauthilus-users <nauthilus-users@lists.nauthilus.org>
Sent: Wednesday, December 17, 2025 12:01
To: Christopher Moules <Christopher.Moules@post.lu>
Cc: Main list for Nauthilus users <nauthilus-users@lists.nauthilus.org>
Subject: [Nauthilus-users] Re: Why do I get "passdb_backend=unknown" for a subset of requests
Hi,
I found an issue with the LDAP pool management and have fixed it.
As a small workaround:
Could you set the *_pool_size and *_idle_pool_size parameters to higher values? Set the idle params to the same values as the non-idle ones.
If it gets better, my fix might be correct. Still waiting for the crash dump. I would like to see if it addresses „closing idle connection“.
I am testing the code changes today and, if no further errors occur, will release a hot fix tomorrow. The code is already committed in main, if you want to give it a try.
Kind regards
Christian
> Could these "busy or closed" LDAP instances #3-#8 be causing the "unknown" backend?
I don’t think so, but of course I will investigate this.
What I see from the logs is that LDAP is telling you that it did not find the user: UserFound:false
Do you see LDAP-filter logs? If so, can you manually check if that filter works?
Kind regards
Christian
Rößner-Network-Solutions
Certified ITSiBe / CISO
Marburger Str. 70a, 36304 Alsfeld
Mobile: +49 171 9905345
VAT ID: DE225643613, https://roessner.website
PGP fingerprint: 658D 1342 B762 F484 2DDF 1E88 38A5 4346 D727 94E5

Nauthilus-users mailing list -- nauthilus-users@lists.nauthilus.org
To unsubscribe send an email to nauthilus-users-leave@lists.nauthilus.org