Hello,
we run a Dovecot 2.0.13 instance purely as SASL backend for Postfix, authenticating against a local passwd-file and our central LDAP database.
# dovecot -n # 2.0.13: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32.36-0.5-default x86_64 SUSE Linux Enterprise Server 11 # (x86_64) auth_mechanisms = plain login auth_verbose = yes passdb { args = /etc/dovecot/dovecot-passwd driver = passwd-file } passdb { args = /etc/dovecot/dovecot-ldap-simauth.conf.ext driver = ldap } protocols = none service auth { unix_listener /var/spool/postfix-postout/private/auth { group = postfix mode = 0660 user = postfix } } ssl = no
There is only a single user in the passwd-file for monitoring. We monitor authentication delays for both this local user and one user from LDAP.
Due to a firmware bug, our six-figures NAS causes extremely high LDAP delays (in the range of 20-60 seconds, instead of the usual 50ms) once an hour. The weird thing is, I also see these delays in the graph for the local user. Which got me thinking
- are authentication requests handled serially by dovecot/auth?
- any way to solve this situation for the local user (not to be blocked by the delayed LDAP query)?
- any way to solve this situation for LDAP users? We could possibly do some loadbalancing if the auth-daemon opened several LDAP connections
Thanks, Bernhard