On Thu, 2011-11-03 at 11:52 -0400, Aliet Santiesteban Sifontes wrote:
> I'm having a problem with the Dovecot LDAP connection when the LDAP server is in another firewall zone. The firewall kills the LDAP connection after a determined period of inactivity. This is good from the firewall's point of view but bad for Dovecot, because it never knows the connection has been dropped. This creates long timeouts in Dovecot and finally it reconnects; meanwhile many users fail to authenticate. I have seen this kind of post on the list for a while but can't find a solution for it, so my question is how to define an idle LDAP time in Dovecot so it can reconnect before the firewall has dropped the connection, or just close the connection under inactivity, so that when a user authenticates it doesn't fail for a while until Dovecot detects that the connection has hung. Is this a feature request, or is there already a configuration for this?
Can't the firewall be changed to reject the LDAP packets instead of dropping them? Then Dovecot would immediately notice that the connection has died, and with a recent enough version it wouldn't even log an error about it.
I guess some kind of an "ldap_idle_disconnect = 30s" setting could be added, but it's not a very high priority for me.
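
The idle-disconnect idea discussed in this thread, as an added Python simulation that is not part of the original messages and is not Dovecot code. `FakeLink`, `IdleAwareConnection`, `simulate`, the 300-second firewall timeout and the request gaps are all hypothetical, constructed so the effect of the threshold can be measured offline.

```python
class FakeLink:
    """Constructed stand-in for a TCP flow through a stateful firewall."""
    def __init__(self, clock, firewall_timeout):
        self._clock, self._timeout = clock, firewall_timeout
        self._last_packet = clock()

    def send(self, payload):
        now = self._clock()
        if now - self._last_packet > self._timeout:
            # Firewall forgot the flow and drops silently: the client only sees a timeout.
            raise TimeoutError("no reply on idle flow")
        self._last_packet = now
        return "ok:" + payload

    def close(self):
        pass

class IdleAwareConnection:
    """Closes the connection itself once it has been idle for idle_disconnect seconds."""
    def __init__(self, connect, idle_disconnect, clock):
        self._connect, self._idle, self._clock = connect, idle_disconnect, clock
        self._conn, self._last_used, self.connects = None, 0.0, 0

    def request(self, payload):
        now = self._clock()
        if self._conn is not None and now - self._last_used >= self._idle:
            self._conn.close()          # proactive close before the firewall's timer matters
            self._conn = None
        if self._conn is None:
            self._conn = self._connect()
            self.connects += 1
        self._last_used = now
        try:
            return self._conn.send(payload)
        except TimeoutError:
            self._conn = None           # dead flow: the next request reconnects
            raise

def simulate(idle_disconnect, firewall_timeout=300, gaps=(10, 600, 20)):
    """Return (failed_requests, connects) for requests separated by `gaps` seconds."""
    now = [0.0]
    clock = lambda: now[0]
    conn = IdleAwareConnection(lambda: FakeLink(clock, firewall_timeout), idle_disconnect, clock)
    failed = 0
    for gap in gaps:
        now[0] += gap
        try:
            conn.request("auth lookup")
        except TimeoutError:
            failed += 1
    return failed, conn.connects
```

In this model an idle threshold only helps when it is shorter than the firewall's own timeout; a longer one behaves the same as having no threshold.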