[Dovecot] LDAP timeout
Hi,
we recently hit an issue where one (of the three configured) LDAP servers dropped an index on an attribute due to a misconfiguration, which caused all/most queries for passdb to take a very long time (several 10s of seconds).
The other servers would have been fine, but it seems like Dovecot either does not set a timelimit on the query or uses a very high one. I could not find any place to control that either.
Is there any knob to tune the LDAP timeout?
Bernhard
On Mon, 2011-06-27 at 12:11 +0000, Bernhard Schmidt wrote:
> Hi,
> we recently hit an issue where one (of the three configured) LDAP servers dropped an index on an attribute due to a misconfiguration, which caused all/most queries for passdb to take a very long time (several 10s of seconds).
> The other servers would have been fine, but it seems like Dovecot either does not set a timelimit on the query or uses a very high one. I could not find any place to control that either.
> Is there any knob to tune the LDAP timeout?
Falling back to another LDAP server is done by OpenLDAP internally. So what would be needed is either a) OpenLDAP itself to figure out that queries are running too slowly and see if another server is faster, or b) Dovecot to figure that out itself and force OpenLDAP to switch to another server.
I don't know if either of them is possible with the OpenLDAP API as it is. I doubt it.
Oh, also possibility c) Have Dovecot manage all the different LDAP server connections instead of OpenLDAP. Probably what I will have to do eventually anyway. That would also allow load balancing by actually using multiple connections, similar to how SQL code does it now. But yeah, that does remind me that I probably should change the SQL load balancing code to look at the query times.
Hi,
> Falling back to another LDAP server is done by OpenLDAP internally. So what would be needed is either a) OpenLDAP itself to figure out that queries are running too slowly and see if another server is faster, or b) Dovecot to figure that out itself and force OpenLDAP to switch to another server.
> I don't know if either of them is possible with the OpenLDAP API as it is. I doubt it.
You can set a timelimit for a search, but I'm not exactly sure what happens when you have specified multiple servers. Maybe the query gets restarted on the next server, maybe it fails. Still, doing that (with logging) would be better than hanging there for several minutes.
If it completely aborts the query, a workaround would be to use more than one ldap passdb with one server each, no?
Bernhard
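
Added example (not from the thread and not Dovecot code): a Python sketch of possibility c) discussed above, where the client itself applies a per-query deadline, logs the timeout, and fails over to the next server. The class name, server callables, DNs and timings are constructed stand-ins for real LDAP searches.

```python
import concurrent.futures as cf
import time

class FailoverPool:
    """Try each server in order; skip ones that recently exceeded the deadline."""
    def __init__(self, servers, deadline=0.2, cooldown=30.0):
        self.servers = servers        # {name: callable(query) -> result}
        self.deadline = deadline      # per-query time limit, seconds
        self.cooldown = cooldown      # how long a slow server is skipped
        self.skip_until = {}          # name -> monotonic time of next retry
        self.log = []                 # (server, outcome) records for operators
        self.pool = cf.ThreadPoolExecutor(max_workers=len(servers))

    def lookup(self, query):
        for name, search in self.servers.items():
            if time.monotonic() < self.skip_until.get(name, 0.0):
                self.log.append((name, "skipped"))
                continue
            future = self.pool.submit(search, query)
            try:
                result = future.result(timeout=self.deadline)
            except cf.TimeoutError:
                # Abandon the slow query instead of blocking the login.
                self.skip_until[name] = time.monotonic() + self.cooldown
                self.log.append((name, "timeout"))
                continue
            except Exception as exc:
                self.log.append((name, f"error: {exc}"))
                continue
            self.log.append((name, "ok"))
            return name, result
        raise RuntimeError("no LDAP server answered within the deadline")

def slow_server(query):       # constructed: search on an unindexed attribute
    time.sleep(1.0)
    return {"dn": f"uid={query},ou=people,dc=example,dc=org"}

def healthy_server(query):    # constructed: indexed search, answers at once
    return {"dn": f"uid={query},ou=people,dc=example,dc=org"}

def demo():
    pool = FailoverPool({"ldap1": slow_server, "ldap2": healthy_server})
    first = pool.lookup("alice")   # ldap1 times out, ldap2 answers
    second = pool.lookup("bob")    # ldap1 is in cooldown and is skipped
    return first, second, pool.log

if __name__ == "__main__":
    print(demo())
```

The abandoned search keeps running in its worker thread until the server replies, so the cooldown is what keeps a slow server from tying up all workers.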
participants (2): Bernhard Schmidt, Timo Sirainen