[CalendarServer-dev] [CalendarServer] #260: OpenLDAP directory service

CalendarServer trac at macosforge.org
Thu Oct 15 13:21:19 PDT 2009 

#260: OpenLDAP directory service
---------------------------------------+------------------------------------
 Reporter:  jusiskin@…                 |       Owner:  sagen@…           
     Type:  Feature                    |      Status:  new               
 Priority:  2: Expected                |   Milestone:  CalendarServer-2.x
Component:  Calendar Server            |    Severity:  Other             
 Keywords:                             |  
---------------------------------------+------------------------------------

Comment(by rahul@…):

 I have figured out the problem. I could probably say the problem is with
 the client (Thunderbird beta+Lightning). When connection to the calendar
 server fails because the username does not exist or if the authentication
 fails because the wrong password was saved in Thunderbird, the client
 should stop connecting (or try after some time). But instead it kept on
 trying to reconnect which affected the calendar server in two ways:

 1. The major affect was when clients which were configured with usernames
 not existing in the ldap directory kept trying to connect. As the username
 was not found in the cache, the entire cache for users was being refreshed
 by the ldap patch in this page. And as the client kept on trying to
 reconnect upon failure, the cache was refreshed continuously which
 increased the cpu usage tremendously.

 2. Also upon authentication failure, the client kept retrying which also
 lead to an increase in CPU usage. But this overload was not as high as in
 the previous case.

 The obvious fix is to fix the code with client (Thunderbird and/or
 Lightning). When connection fails 2 or 3 times for whatever reason
 (username does not exist, wrong password entered, etc.), connection
 attempts should be stopped.

 Also some code modification could be done on the server side to limit
 connections from such misconfigured clients so that other users do not
 face any inconvenience because of these small number of badly configured
 clients


 Replying to [comment:34 rahul@…]:
 > I would like to know whether anyone is using this patch in a production
 environment. I am using this patch with calendarserver in a company with
 about 250 users simultaneously connected with Lightning. The error log
 shows that authentication has failed for about 4-5 users and it keeps on
 retrying continuously. The calendar server process initially starts
 normally but suddenly its cpu usage goes to above 90%.
 >
 > The server is a Intel Core 2 1.86 Ghz CPU with more than 3 GB RAM.
 >
 > I am trying to figure out the possible reason for the high CPU usage.
 >
 > 1. The server configuration is not sufficient for 250 simultaneous
 users.
 > 2. The ldap patch is coded in a way which is leading to the high CPU
 usage.
 > 3. The repeated authentication attempts is leading to the high CPU
 usage.
 >
 > Any help in this regard would be highly appreciated.

-- 
Ticket URL: <http://trac.calendarserver.org/ticket/260#comment:35>
CalendarServer </>
HTTP/WebDAV/CalDAV Server

More information about the calendarserver-dev mailing list