[Dovecot] 1.0.rc10 status report
"Αποστόλης Παπαγιαννάκη
Mon Oct 23 14:17:56 UTC 2006
>> Axel Thimm wrote:
>>
>>> On Mon, Oct 23, 2006 at 11:04:18AM +0300, "?????????
>>> ????????????? (Apostolis Papagiannakis)" wrote:
>>>
>>>
>>>> I've had similar "User unknowns" with nscd in the past. I was using
>>>> dovecot ->getpwent -> nscd -> nss_ldap -> LDAP.
>>>>
>>>>
>>> Are you using ldapi?
>>>
>>>
>> Oops, I think I sent my previous post with unreadable HTML formatting. I
>> hope this one is OK.
>>
>> In /etc/ldap.conf (nss_ldap conf file) I use two ldap servers as
>> "ldaps" URIs.
>>
>> # /etc/ldap.conf
>> uri ldaps://ldap1.auth.gr/ ldaps://ldap2.auth.gr/
>>
>> apap
>>
>>
>
> You need to make sure that the user nscd is running as has proper
> permissions to the required resources (r/w on ldapi sockets, read on
> ldaps' ca certs and the like). Turn on the debug level in ldap.conf
> (nss_ldap's, not openssl's) and sudo to the nscd user/group to test
> the access.
>
> Also nscd doesn't use rootbinddn, it uses binddn.
>
I think file permissions have always been ok because nscd and
nss_ldap usually work ok. The problem appears only when the ldap
connection breaks (e.g. remote ldap server restart). We don't use
rootbinddn at all.
Anyway I just checked the latest version of nss_ldap and now I see
interesting new relevant options are available (e.g. nss_connect_policy
persist/oneshot). I will give it a try and respond back in a few days.
Definitely nss_ldap's bad behaviour is not really a dovecot problem.
Dovecot has been rock solid here serving 30000 users (4000 different
active users every day) on a single server.
apap
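
The permission checks suggested in the quoted reply (r/w on ldapi sockets, read on the ldaps CA certificates, binddn rather than rootbinddn) can be scripted. This is an added example, not part of the original thread or of nss_ldap. It assumes the CA path is set with nss_ldap's `tls_cacertfile` option; the function names, sample hosts and paths are constructed, and the access test looks at mode bits only.

```python
import os
from urllib.parse import urlparse, unquote

def parse_ldap_conf(text):
    """Parse nss_ldap-style 'key value...' lines into {key: [values]}."""
    conf = {}
    for line in text.splitlines():
        parts = line.split()
        if parts and not parts[0].startswith("#"):
            conf.setdefault(parts[0].lower(), []).extend(parts[1:])
    return conf

def can_access(path, uid, gids, want):
    """Mode-bit check for a given uid/gids; ignores ACLs and parent directories."""
    try:
        st = os.stat(path)
    except OSError:
        return False
    shift = 6 if uid == st.st_uid else 3 if st.st_gid in gids else 0
    need = (4 if "r" in want else 0) | (2 if "w" in want else 0)
    return (st.st_mode >> shift) & need == need

def audit(conf_text, uid, gids):
    """Return findings for the account nscd runs as (uid, gids)."""
    conf = parse_ldap_conf(conf_text)
    uris = [urlparse(u) for u in conf.get("uri", [])]
    findings = []
    for u in uris:
        if u.scheme == "ldapi":
            sock = unquote(u.netloc)  # e.g. ldapi://%2Fvar%2Frun%2Fldapi
            if sock and not can_access(sock, uid, gids, "rw"):
                findings.append(f"no r/w on ldapi socket {sock}")
    if any(u.scheme == "ldaps" for u in uris):
        for ca in conf.get("tls_cacertfile", []):
            if not can_access(ca, uid, gids, "r"):
                findings.append(f"cannot read CA file {ca}")
    # Per the reply above: nscd binds with binddn, not rootbinddn.
    if "rootbinddn" in conf and "binddn" not in conf:
        findings.append("only rootbinddn set; nscd binds with binddn")
    return findings

# Constructed sample config; hosts, DN and path are placeholders.
SAMPLE = """# /etc/ldap.conf
uri ldaps://ldap1.example.org/ ldaps://ldap2.example.org/
tls_cacertfile /etc/ssl/certs/example-ca.pem
rootbinddn cn=admin,dc=example,dc=org
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, uid=os.getuid(), gids=os.getgroups()):
        print(finding)
```

Pass the uid and group ids of the nscd account rather than the invoking user's to see what the daemon itself can reach.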