Is it possible that you could try this without auth_bind to see if the bug is in it or elsewhere in LDAP authentication? I switched to the mode where it will look up the hashed (in my case SHA)
Timo Sirainen wrote: password, using a single user to bind to the directory. dovecot_auth still consumes ~100% cpu time eventually, but it seemed to take longer to get there (not very scientific, I know).
Truss output looks like this, which is about the same as before: 0.0010 pollsys(0x00467DC0, 10, 0xFFFFFD7FFFDFFAD0, 0x00000000) = 1 0.0011 pollsys(0xFFFFFD7FFFDFF6B0, 5, 0xFFFFFD7FFFDFF690, 0x00000000) = 0 0.0011 pollsys(0xFFFFFD7FFFDFF6B0, 5, 0xFFFFFD7FFFDFF690, 0x00000000) = 0 0.0011 pollsys(0x00467DC0, 10, 0xFFFFFD7FFFDFFAD0, 0x00000000) = 1 0.0012 pollsys(0xFFFFFD7FFFDFF6B0, 5, 0xFFFFFD7FFFDFF690, 0x00000000) = 0 0.0012 pollsys(0xFFFFFD7FFFDFF6B0, 5, 0xFFFFFD7FFFDFF690, 0x00000000) = 0 0.0012 pollsys(0x00467DC0, 10, 0xFFFFFD7FFFDFFAD0, 0x00000000) = 1
You mentioned maybe "some connection is talking to Dovecot constantly". Is there a way I can track down what that might be? I assume you are talking about a socket, but without knowing what to look for I can't see anything unusual in the netstat output.
If you can't solve this in Dovecot's side, you could still use pam_ldap instead. Unfortunately I'm new to Solaris, so it will take me a little longer to test that.
Thank you for your remarkably quick response. I will look into setting up PAM as you suggested.
- Tore