[Dovecot] Intermitent ldap auth problems benchmarking dovecot
Antonio Perez-Aranda
aperezaranda at yaco.es
Tue Apr 12 15:11:53 EEST 2011
Have you test with auth cache?
I get very good results with this options:
auth_cache_size = 10M
auth_cache_ttl = 60
auth_cache_negative_ttl = 180
2011/4/12 Maria Arrea <maria_arrea at gmx.com>:
> Hello
>
> We are using SLAMD (Distributed Load Generation Engine, www.slamd.com) to benchmark our dovecot server (ldap auth). We are simulating 2.000 simultaneous logins and 20% of them fail. We saw the following errors in the log:
>
>
> Apr 12 09:40:07 buzon dovecot: auth: Error: ldap(correo,192.168.4.153): Request queue is full (oldest added 1 secs ago)
> Apr 12 09:40:07 buzon dovecot: auth: Error: ldap(correo,192.168.4.153): Request queue is full (oldest added 1 secs ago)
> Apr 12 09:40:07 buzon dovecot: auth: Error: ldap(correo,192.168.4.153): Request queue is full (oldest added 1 secs ago)
>
>
> We increased auth_worker_max_count from 350 to 3500 (10x increase). Now we see the following errors (still 20% of logins fail):
>
>
> Apr 12 10:14:45 buzon dovecot: imap-login: Internal login failure (pid=29016 id=24783) (auth failed, 1 attempts): user=<correo>, method=PLAIN, rip=192.168.4.153, lip=192.168.4.80, mpid=21284
> Apr 12 10:14:45 buzon dovecot: imap-login: Internal login failure (pid=29016 id=24784) (auth failed, 1 attempts): user=<correo>, method=PLAIN, rip=192.168.4.153, lip=192.168.4.80, mpid=21286
>
>
> What are we doing wrong? We expect 1000 simultaneous imap sessions, we have 65.000 mailboxes.
>
>
> This is our doveconf -n output
>
> # 2.0.11: /etc/dovecot/dovecot.conf
> # OS: Linux 2.6.18-238.5.1.el5 x86_64 Red Hat Enterprise Linux Server release 5.6 (Tikanga) ext4
> auth_debug = yes
> auth_master_user_separator = *
> auth_mechanisms = plain login
> auth_worker_max_count = 3500
> base_dir = /var/run/dovecot/
> default_client_limit = 5000
> default_process_limit = 6500
> disable_plaintext_auth = no
> imap_client_workarounds = tb-extra-mailbox-sep delay-newmail
> lda_mailbox_autocreate = yes
> lda_mailbox_autosubscribe = yes
> mail_fsync = never
> mail_gid = entrega
> mail_home = /buzones/%2.26Hn/%2.200Hn/%n/
> mail_location = mdbox:/buzones/%2.26Hn/%2.200Hn/%n:INDEX=/indices_dovecot/indices/%2.26Hn/%2.200Hn/%n
> mail_max_userip_connections = 15000
> mail_plugins = " zlib acl"
> mail_uid = entrega
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date
> mdbox_rotate_interval = 1 days
> mdbox_rotate_size = 60 M
> passdb {
> args = /etc/dovecot/dovecot-ldap.conf
> driver = ldap
> }
> passdb {
> args = /etc/usuario_maestro.txt
> driver = passwd-file
> master = yes
> }
> passdb {
> args = /etc/dovecot/dovecot-ldap.conf
> driver = ldap
> }
> plugin/acl = vfile
> plugin/quota = dict:Cuota de usuario::file:/buzones/cuotas/%n
> plugin/quota_rule2 = Trash:storage=+10%%
> plugin/quota_warning = storage=95%% /usr/local/bin/quota-warning.sh 95
> plugin/quota_warning2 = storage=80%% /usr/local/bin/quota-warning.sh 80
> plugin/sieve = /buzones/%2.26Hn/%2.200Hn/%n/dovecot.sieve
> plugin/sieve_dir = /buzones//%2.26Hn/%2.200Hn/%n/sieve/
> plugin/zlib_save = gz
> plugin/zlib_save_level = 9
> protocols = pop3 imap sieve
> service anvil {
> client_limit = 25000
> }
> service auth {
> client_limit = 28000
> unix_listener auth-master {
> user = entrega
> }
> unix_listener auth-userdb {
> user = entrega
> }
> user = root
> }
> service imap-login {
> executable = /usr/libexec/dovecot/imap-login
> group = dovenull
> service_count = 0
> }
> service imap {
> executable = /usr/libexec/dovecot/imap
> process_limit = 6000
> }
> service managesieve-login {
> executable = /usr/libexec/dovecot/managesieve-login
> inet_listener sieve {
> port = 2000
> }
> process_limit = 2000
> }
> service managesieve {
> executable = /usr/libexec/dovecot/managesieve
> process_limit = 5000
> }
> service pop3-login {
> executable = /usr/libexec/dovecot/pop3-login
> process_limit = 4000
> service_count = 0
> }
> service pop3 {
> executable = /usr/libexec/dovecot/pop3
> process_limit = 4000
> }
> ssl_ca = </etc/pki/generico/cacert.crt.pem
> ssl_cert = </etc/pki/generico/wildcard.crt
> ssl_key = </etc/pki/generico/wildcard-key.pem
> userdb {
> args = /etc/dovecot/dovecot-ldap.conf
> driver = ldap
> }
> userdb {
> args = /etc/dovecot/dovecot-ldap-userdb.conf
> driver = ldap
> }
> verbose_proctitle = yes
> protocol sieve {
> managesieve_implementation_string = dovecot
> managesieve_logout_format = bytes=%i/%o
> managesieve_max_line_length = 65536
> }
> protocol lda {
> hostname = us.es
> info_log_path =
> log_path =
> mail_fsync = optimized
> mail_plugins = sieve zlib
> postmaster_address = evcorreo at domain.es
> syslog_facility = mail
> }
> protocol imap {
> mail_plugins = zlib
> }
> protocol pop3 {
> mail_plugins = zlib
> pop3_enable_last = yes
> pop3_uidl_format = %g
> }
>
--
Antonio Pérez-Aranda Alcaide
aperezaranda at yaco.es
Yaco Sistemas S.L.
http://www.yaco.es/
C/ Rioja 5, 41001 Sevilla
Teléfono +34 954 50 00 57
Fax +34 954 50 09 29
More information about the dovecot
mailing list