[Dovecot] "ldap_result() failed: Can't contact LDAP server" log messages
Mike Brudenell
pmb1 at york.ac.uk
Fri Mar 9 14:33:47 EET 2007
Greetings -
On 9 Mar 2007, at 12:15, Timo Sirainen wrote:
> Is there a reason why these config files are separate? That causes it to
> create two LDAP connections. If you used the same config file it would
> create only one LDAP connection.
Yes: you tell us to! :-) ...
1. We are using "auth_bind = yes" to validate passwords, and
2. Our LDAP server does not allow anonymous searches, so I am
setting auth_bind_userdn to login with appropriate credentials.
The comment in dovecot-ldap.conf says this:
# If authentication binding is used, you can save one LDAP request per login
# if users' DN can be specified with a common template. The template can use
# the standard %variables (see user_filter). Note that you can't
# use any pass_attrs if you use this setting.
#
# If you use this setting, it's a good idea to use a different
# dovecot-ldap.conf for userdb (it can even be a symlink, just as long as the
# filename is different in userdb's args). That way one connection is used only
# for LDAP binds and another connection is used for user lookups. Otherwise
# the binding is changed to the default DN before each user lookup.
>> I'm wondering if Dovecot is trying to hold the connection open but,
>> after a timeout of 5 minutes of inactivity, the LDAP server is
>> closing it and causing Dovecot to log this message.
>
> I guess it's that. But I think it's invisible to users? Dovecot should
> reconnect to the server and retry the request instead of giving some
> "internal authentication failure".
I've just spoken to our LDAP Guru who runs the servers and he tells
me that the system is indeed set up to close the connection after it
has been idle for 300 seconds (5 minutes). :-)
I don't actually know at present: but so far I've not noticed any
problems authenticating myself. I'm guessing Dovecot finds the
connection closed (logs the 'inappropriate' error message :-) and
then reconnects?
> Maybe you could also configure the LDAP server to not disconnect
> Dovecot's connection?
Unfortunately I don't have control of the LDAP servers: that's
another group's territory. :-)
Cheers,
Mike B-)
--
The Computing Service, University of York, Heslington, York Yo10 5DD, UK
Tel:+44-1904-433811 FAX:+44-1904-433740
* Unsolicited commercial e-mail is NOT welcome at this e-mail address. *