-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Mon, 13 Nov 2006, Gábor Lénárt wrote:
Nov 13 08:24:14 sn0 dovecot: auth(default): ldap(user,127.0.0.1): bind search: base=dc=example,dc=com filter=(&(objectclass=mailuser)(inetuserstatus=active)(mail=user)) Nov 13 08:24:14 sn0 slapd[3925]: connection_input: conn=303725 deferring operation: pending operations
The trick - as you have also guessed - that it reconnects each time. So for me it would be also good, that dovecot would be able to reconnect each time ...
We have lots of trouble with OpenLDAP under heavy load. After trial-and-error I do now:
- unbind() when I do not intend to use the LDAP connection in the script anymore, e.g. after authentification is done and the data has been read (LDAP retrieval done),
- re- bind() when I start a new LDAP retrieval (most often, an anonymous bind in order to find the user logging in),
- when bind() or the first the search fails with "pending blah blah" or "unwilling to perform", I drop the LDAP connection and reconnect, then bind() and, eventually, search again.
None of this is necessary by the API as I understand it, but now the scripts almost never fail for LDAP errors.
To reconnect to the LDAP server each time is an huge performace killer in my envrionment. I would have expected in any environment?!
Bye,
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux)
iQEVAwUBRVg24S9SORjhbDpvAQK2Awf9EHVyY0Mv8bB0OsGwQThyXp7aQPgIlBhd 3zWZ2hldPjPw08kljiTLFnDcgJfV/qu8Nl5FZXgI4mJFJE2bnEPj2b1B0kINlPDE xyDiXnSfMAu2nLyQ6jKUL7UrL3zg8ztUTEMKNRA7AC7Jv/smOB4oti/SNsor4mxf 75a/6+346LvZPuhMxmFo6QI1z7RZM5lzISKcin1iFpaFiad5bRgrqxpuu1AP7Zc4 6snBNMLne9zDetPvGYWqztkqIk6yCso9i3ty0E7s7RxGYk7fBNIebaL0o2HzJZ2j kmN3oropXmg6wVD8sb9AF3yX42rdUxvEG1Mp65RBlDcgF6lz29ymkA== =k+PI -----END PGP SIGNATURE-----