(RADIATOR) LDAP, Radiator and Single Threads

Steve Phillips steve at focb.co.nz
Tue Sep 27 00:45:54 CDT 2005


Hey There,

We are experiencing some interesting behaviour when performing LDAP 
queries with Radiator.

When a user Authenticates we query an LDAP database to check the 
username/password.

If the user password is incorrect the LDAP server waits for three 
seconds before it sends the Reject back - This is a policy that is 
designed to prevent brute force attempts and sadly we are unable to 
change the policy.

As such, it appears that the Radiator process blocks until it gets the 
reply from LDAP which means it stops servicing requests for three seconds

This in turn leads to a Denial of service of a sort every time someone 
uses an incorrect username/password pair.

We are assuming that this is due to Radiator being run as a single 
threaded process, would this be correct ? and if so, how would we solve 
this problem ?

-- 
Steve.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list