timo,

i think i found a small problem with the ldap implementation: when using auth_bind (this might be in all conditions, not just that one - i haven't tested further), if the server lost connection to the ldap server (ie, the ldap server died) dovecot-auth would never reconnect to the ldap server and all subsequent auth attempts would fail.

after a little more digging, i discovered that if the ldap server went down and came back up before the next dovecot request then everything would be fine. however, if a request came in while the ldap server was down then dovecot-auth would "cache" that the server was unavailable and never recheck it.

i believe i tracked it down to a couple lines in db_ldap_bind and fixed it - dovecot-auth is reconnecting to ldap in the condition where it was not previously:

--- dovecot-1.0.3/src/auth/db-ldap.c 2007-10-15 18:26:55.983349000 +0000 +++ dovecot-1.0.3/src/auth/db-ldap.c.new 2007-10-15 18:28:03.124136000 +0000 @@ -446,7 +446,10 @@ msgid = ldap_bind(conn->ld, conn->set.dn, conn->set.dnpass, LDAP_AUTH_SIMPLE); if (msgid == -1) { - db_ldap_connect_finish(conn, ldap_get_errno(conn)); + if (db_ldap_connect_finish(conn, ldap_get_errno(conn)) < 0) { + /* lost connection, close it */ + ldap_conn_close(conn, TRUE); + } i_free(ldap_request); return -1; }
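
Review bot: In the `msgid == -1` branch the connection is closed only when `db_ldap_connect_finish()` returns a negative value, so a failed `ldap_bind()` that this function does not report as an error would still leave `conn` untouched, which is the stuck state the fix is meant to remove. Since `ldap_bind()` has already failed at this point, either close unconditionally or document which return values of `db_ldap_connect_finish()` are expected here. The comment `/* lost connection, close it */` should also say what the `TRUE` argument to `ldap_conn_close()` selects, and the description should mention that the request that hits the failure still ends in `return -1`, so only later requests get the benefit of the reconnect.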