[Dovecot] auth failures
tss at iki.fi
Thu Dec 19 23:55:11 EET 2013
On 12.12.2013, at 13.05, Andreas Schulze <andreas.schulze at datev.de> wrote:
> last week and today our dovecot pop3 server stopped responding.
> Without any other logentries dovecot start to log only this:
> Dec 12 09:14:12 mbox1 dovecot: auth: Error: ldap(testuser,192.0.2.110,<FBZH7lHtAQAK/FCj>): ldap_search(base=ou=accounts,dc=example,dc=de filter=(&(|(uid=testuser)(mail=testuser))(!(state=blocked)))) failed: Operations error
> For every pop3 Session, ~2000 per Minute ..., over 10 Minutes
> I send dovecot a SIGTERM. After dovecot was started again, all was fine again.
> # doveconf -n
> The LDAP-Server itself did resond to queries in the same timeframe. I know this because the MTA on the same host was able to deliver messages into mailboxes.
Likely the difference is that Dovecot keeps the LDAP connection open for a very long time, while MTA likely recreates new connections often (maybe even every time). I guess the fix would be to simply treat that error as "reconnection required": http://hg.dovecot.org/dovecot-2.2/rev/ea38559ffd4e
More information about the dovecot