[Dovecot] Parallel auth

Bernhard Schmidt berni at birkenwald.de
Fri Jul 22 09:42:33 EEST 2011


Hello,

we run a Dovecot 2.0.13 instance purely as SASL backend for Postfix,
authenticating against a local passwd-file and our central LDAP
database.

# dovecot -n
# 2.0.13: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32.36-0.5-default x86_64 SUSE Linux Enterprise Server 11
# (x86_64)
auth_mechanisms = plain login
auth_verbose = yes
passdb {
  args = /etc/dovecot/dovecot-passwd
  driver = passwd-file
}
passdb {
  args = /etc/dovecot/dovecot-ldap-simauth.conf.ext
  driver = ldap
}
protocols = none
service auth {
  unix_listener /var/spool/postfix-postout/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl = no

There is only a single user in the passwd-file for monitoring. We
monitor authentication delays for both this local user and one user from
LDAP.

Due to a firmware bug, our six-figures NAS causes extremely high LDAP
delays (in the range of 20-60 seconds, instead of the usual 50ms) once
an hour. The weird thing is, I also see these delays in the graph for
the local user. Which got me thinking

* are authentication requests handled serially by dovecot/auth?
* any way to solve this situation for the local user (not to be blocked
  by the delayed LDAP query)?
* any way to solve this situation for LDAP users? We could possibly do
  some loadbalancing if the auth-daemon opened several LDAP connections

Thanks,
Bernhard



More information about the dovecot mailing list