[Dovecot] 1.0.rc13 released
Gábor Lénárt
lgb at lgb.hu
Mon Nov 13 10:52:01 UTC 2006
On Mon, Nov 13, 2006 at 10:11:52AM +0100, Steffen Kaiser wrote:
> + unbind() when I do not intend to use the LDAP connection in the script
> anymore, e.g. after authentification is done and the data has been read
> (LDAP retrieval done),
> + re- bind() when I start a new LDAP retrieval (most often, an anonymous
> bind in order to find the user logging in),
> + when bind() or the first the search fails with "pending blah blah" or
> "unwilling to perform", I drop the LDAP connection and reconnect, then
> bind() and, eventually, search again.
In my tpop3d auth module, I do this, eg on LDAP error returned and this is
not handled one (ie: bad credentials should means wrong password, so not in
this case, but other errors) then reissue the whole stuff, with some kind of
loop counter and timeout value. However during my very heavy test load,
there was no even a single LDAP error. Sure, I close and reopen (and bind)
LDAP connection each time so maybe this does the trick even if it's far from
ideal in performance (as I've written even with this 300 pop3 sessions /
second is done, even with very heavy debug logging set in OpenLDAP, tpop3d
and my auth stuff through syslog).
> None of this is necessary by the API as I understand it, but now the
> scripts almost never fail for LDAP errors.
Hmm, maybe this should be asked on OpenLDAP list .... ? I was afraid to be
off topic there, but since it seems to be a general problem with OpenLDAP
I should try that, I think now.
--
- Gábor
More information about the dovecot
mailing list