Hi,
We have experienced the same or similar problem, and not just with Dovecot but also with Postfix. Thanks for your HAProxy suggestion!
We have the feeling that when the LDAP connection is actually DOWN (gone, terminated), OpenLDAP will reconnect to another server. But if the LDAP server becomes 'stuck' (as in: returning no data anymore, but not actually terminating the connection), a failover does not happen.
(We have had the second scenario, with Samba4 AD LDAP.)
MJ
On 03/01/2016 10:51 PM, Timo Sirainen wrote:
But now that I'm testing it, the timeout doesn't seem to be triggering. I don't know what happened to it that it suddenly doesn't work. This also means that OpenLDAP seems to be internally stuck trying to connect to a server that isn't responding. Dovecot doesn't currently make the decisions on which LDAP server to connect to. It just passes through all the hosts to the OpenLDAP library and lets it handle it. And it seems like the OpenLDAP library can't right now do this failover. So maybe Dovecot should be responsible for that as well.
Anyway, for now you could set up haproxy to localhost and configure Dovecot LDAP to connect to haproxy and haproxy connect to the actual LDAP servers.
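
The HAProxy workaround suggested in this thread, sketched as an added example (it is not configuration posted by anyone in the thread). It uses an active LDAP health check with a read timeout so that a server that accepts connections but stops answering is also taken out of rotation. Assumptions: the host names `ldap1.example.org` and `ldap2.example.org`, the local port 3890, plain LDAP on port 389, and servers that answer an anonymous bind.

```haproxy
# /etc/haproxy/haproxy.cfg (fragment, constructed for illustration)

defaults
    mode    tcp                 # LDAP is proxied as an opaque TCP stream
    timeout connect 3s          # give up on a server that does not accept the connection
    timeout client  1h          # Dovecot/Postfix keep LDAP connections open for a long time
    timeout server  1h
    timeout check   3s          # a check that gets no reply within 3s counts as failed

listen ldap_local
    # Listen on loopback only, so the proxy is not reachable from the network.
    bind 127.0.0.1:3890

    # Application-level check: HAProxy sends an LDAPv3 anonymous bind and
    # expects a successful bind response. A "stuck" server that still holds
    # the TCP connection open but returns no data fails this check.
    # (Assumption: anonymous bind is permitted; otherwise the check fails.)
    option ldap-check

    # Check every 5s, mark down after 2 failures, up again after 2 successes.
    # When a server is marked down, close the sessions already pinned to it,
    # so clients reconnect and land on a healthy server.
    default-server inter 5s fall 2 rise 2 on-marked-down shutdown-sessions

    server ldap1 ldap1.example.org:389 check
    server ldap2 ldap2.example.org:389 check backup   # used only while ldap1 is down

# Dovecot side (dovecot-ldap.conf.ext): point at the proxy instead of
# listing the real servers, so failover is decided by HAProxy:
#   hosts = 127.0.0.1:3890
```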