[Dovecot] LDAP authentication stops working...

Gavin Henry ghenry at suretecsystems.com
Tue Jan 9 09:54:01 UTC 2007


<quote who="Adrian Close">
> Hi all,
>
> I'm running dovecot-1.0.rc17 on OpenBSD 3.9, using userdb and passdb
> methods of "ldap" (SSL on 636/tcp) in addition to "passwd".
>
> Occasionally (generally after a few hours of operation, but not always),
> LDAP-based logins stop working (e.g. hang/timeout after POP3 PASS
> command).  Accounts with local passwords (as opposed to accounts with a
> password field of "x") still work fine at this point.

We also get this. Twice a day we have to restart dovecot, using userdb and
passdb via LDAP, with userdb_prefetch.

Also, if you shut down dovecot and try and restart OpenLDAP, the dovecot
ldap bind/thread is still open and OpenLDAP sits there waiting for it.

I've discussed this with the OpenLDAP dev team, and they suggested
attaching gdb to the slapd pid and seeing what's going on.

Any ideas from the dovecot side?

>
> 'tcpdump' shows the persistent 636/tcp connection still with bidirectional
> traffic (PUSH/ACKs and ACKs like normal).
>
> After restarting Dovecot, things are fine until next time.

Likewise.

>
> I guess I could try and get login_ldap working with bsdauth, but if
> there's an issue in the Dovecot LDAP support I'd like to see it fixed.

I agree. We are the only ones using dovecot this way, all our other
clients use nssldap and pamldap, and there are no probs with dovecot that
way.


> P.S.  I note the LDAP timeout logging patch but it won't apply easily to
> rc17 and I'm hoping the issue has progressed since then anyway...

Oh, never tried that.


-- 
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry at suretecsystems.com

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/


