On Tue, 2007-01-09 at 09:54 +0000, Gavin Henry wrote:
<quote who="Adrian Close">
Hi all,
I'm running dovecot-1.0.rc17 on OpenBSD 3.9, using userdb and passdb methods of "ldap" (SSL on 636/tcp) in addition to "passwd".
Occasionally (generally after a few hours of operation, but not always), LDAP-based logins stop working (e.g. hang/timeout after POP3 PASS command). Accounts with local passwords (as opposed to accounts with a password field of "x") still work fine at this point.
We also get this. Twice a day we have to restart dovecot, using userdb and passdb via LDAP, with userdb_prefetch.
Just to add: we moved from rc
to rc15 recently, and we now also see a lot of hangs with ldap_authbind. The result handler for the initial ldap_search to find the dn to bind to is never called. I assume Timo fscked something up recently in my auth_bind code ;-P
Anyway, restarting ldap every hour or so with cron does the job :-|
I'd debug this if I had the time, but I won't have before next week.
Cheers, Marc
*RT IMSS Scanned* I get this problem as well, with dovecot running on a server running Fedora5 I first noticed this problem after a yum update that moved the server upto
On Wednesday 10 January 2007 15:07, J.M. Maurer wrote: the rpm dovecot-1.0.0.beta8.3.fc5.i386 The server original ran OK after it was originaly upgraded to Fedora5, which shiped with the rpm dovecot-1.0.0.beta2.7.i386
The LDAP server is openldap-2.0.27-8 running redhat 9.0
The minimum to fix the problem seems to be kill the dovecot auth processes.
Its happened again.
Jan 11 08:16:21 viruswall-1 dovecot: auth(default): client in: AUTH 1
PLAIN service=POP3 lip=195.245.100.152 rip=172.
16.20.72 resp=<hidden>
Jan 11 08:16:21 viruswall-1 dovecot: auth(default): client out: CONT 1
Jan 11 08:16:21 viruswall-1 dovecot: auth(default): client in: CONT<hidden>
Jan 11 08:16:21 viruswall-1 dovecot: auth(default): client out: OK 1
user=mikey
Jan 11 08:16:21 viruswall-1 dovecot: auth(default): master in: REQUEST
2354 1718 1
Jan 11 08:16:21 viruswall-1 dovecot: auth(default): master out: USER
2354 mikey system_user=mikey uid=1011 gid=513
home=/home/mikey
Jan 11 08:16:21 viruswall-1 dovecot: pop3-login: Login: user=<mikey>,
method=PLAIN, rip=172.16.20.72, lip=195.245.100.152
Jan 11 08:16:21 viruswall-1 dovecot: POP3(mikey): Disconnected: Logged out
top=0/0, retr=0/0, del=0/772, size=8769550
Jan 11 08:16:40 viruswall-1 dovecot: pop3-login: Disconnected:
rip=172.16.20.108, lip=195.245.100.152
Jan 11 08:16:54 viruswall-1 dovecot: auth(default): client in: AUTH 1
PLAIN service=POP3 lip=195.245.100.152 rip=172.
16.20.31 resp=<hidden>
Jan 11 08:16:54 viruswall-1 dovecot: auth(default): client in: AUTH 1
PLAIN service=POP3 lip=195.245.100.152 rip=172.
16.24.161 resp=<hidden>
Jan 11 08:16:54 viruswall-1 dovecot: auth(default): client out: CONT 1
Jan 11 08:16:54 viruswall-1 dovecot: auth(default): client in: CONT<hidden>
Jan 11 08:16:54 viruswall-1 dovecot: auth(default): client out: OK 1
user=wrosen
Jan 11 08:16:54 viruswall-1 dovecot: auth(default): master in: REQUEST
2355 1867 1
Jan 11 08:17:47 viruswall-1 dovecot: pop3-login: Disconnected:
rip=172.16.20.108, lip=195.245.100.152
Jan 11 08:17:54 viruswall-1 dovecot: pop3-login: Disconnected: Inactivity:
method=PLAIN, rip=172.16.24.161, lip=195.245.100.152
Summary :- The login from 172.16.20.72 @ Jan 11 08:16:21 was successfull
Problem appears to start with the near concurrent logins at Jan 11 08:16:54 All of the LDAP lookup for the first of these run over the same tcp connection as the preceding calls to auth master,
dovecot-auth seems run mostly with the same tcp tcp socket for anything from 6 minutes to an hour then close the socket and open a new one. Very occasionally dovecot-auth exits logging the event BROKEN NSS IMPLEMENTATION It is then immediately restarted by dovecot.
Dovecot is configured to use pam for passdb and userdb with pam inturn configured to use LDAP.
At the time it hung there were two tcp connections with some of the queries for the second of the overlapping logins runs over a second tcp connection to the LDAP server.
ps/lsof show 3 dovecot-auth processes.
1 zombie 1 the parent with a single tcp connection to the LDAP server 1 a child with 2 connections to the LDAP server
This e-mail is confidential and may be legally privileged. It is intended solely for the use of the individual(s) to whom it is addressed. Any content in this message is not necessarily a view or statement from Road Tech Computer Systems Limited but is that of the individual sender. If you are not the intended recipient, be advised that you have received this e-mail in error and that any use, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. We use reasonable endeavours to virus scan all e-mails leaving the company but no warranty is given that this e-mail and any attachments are virus free. You should undertake your own virus checking. The right to monitor e-mail communications through our networks is reserved by us