Re: [Dovecot] 1.0.rc10 status report
dovecot-request@dovecot.org wrote:
Date: Fri, 20 Oct 2006 13:26:03 +0100 (BST)
From: David Lee t.d.lee@durham.ac.uk
Subject: [Dovecot] 1.0.rc10 status report
- "User unknown": We use NIS for our passwd information. On the earlier rc8 test we had had several occurrences of "User unknown" (from "deliver") giving "dsn=5..." for perfectly valid users. So for this rc10 test I applied a local patch so these were reduced to "EX_TEMPFAIL" (dsn=4...). (This was triggered, as expected, a few times and subsequent delivery attempts succeeded.) I strongly suspect that this is some sort of issue with FC5, probably "nscd" and nothing to do with dovecot. Hints would be nice, but from the dovecot perspective you may probably ignore this item.
I've had similar "User unknowns" with nscd in the past. I was using
dovecot ->getpwent -> nscd -> nss_ldap -> LDAP.
I found out that whenever the ldap server got restarted, nscd did not
restart properly and immediately its permanent ldap connection, and was
giving 'user unknown' replies at least for a few minutes.
Restarting nscd would fix the problem immediately. Running without nscd
would also fix the problem. There was no problem with pam_ldap
authentication.
As a result, the system got ignorant of its uncached users for a few
moments.
My workaround was a crontab that kept /etc/passwd up-to-date as well as an entry in the /etc/resolv.conf 'passwd: ldap files'
(cat /etc/passwd ; getent passwd ) |sort -u >/etc/passwd.tmp && mv /etc/passwd.tmp /etc/passwd
So should I have the indexes on the fileserver (one instance), or should they be on each cluster machine's private storage (possibly several instances; one per cluster machine)?
The suggestion is that if you need to have mailboxes over NFS, use local disk for indexes. If you read the complete list archive you will find too many people that have had troubles with indexes over NFS. Local indexes have a performance penalty, only when you have access from different imap servers (especially concurrent).
apap
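A more defensive form of the merge one-liner in the message above, as an added example that is not part of the original post. `sort -u` compares whole lines, so a user whose fields differ between the two sources ends up with two entries; this version keys on the user name so local entries win, skips directory entries with UID 0 or a malformed field count, and refuses to install an empty or truncated result. The function name, its arguments and the sample data are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread). merge_passwd and its arguments are
# hypothetical names: LOCAL = passwd-format file to keep, DUMP = saved output
# of `getent passwd`, OUT = file to write (may be the same path as LOCAL).
merge_passwd() {
    local_file=$1 dir_dump=$2 out_file=$3
    # An empty or missing local file means something is already wrong.
    [ -s "$local_file" ] || return 1
    # Temp file in the target directory so the final mv is an atomic rename.
    tmp=$(mktemp "${out_file}.XXXXXX") || return 1
    if ! awk -F: '
        # First file: keep every local line unchanged and remember its name.
        FNR == NR { seen[$1] = 1; print; next }
        # Directory dump: skip malformed lines, empty names and UID 0.
        NF != 7 || $1 == "" || $3 !~ /^[0-9]+$/ || $3 + 0 == 0 { next }
        # Add a directory user only if no earlier line used that name.
        !($1 in seen) { seen[$1] = 1; print }
    ' "$local_file" "$dir_dump" > "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    # Refuse to install a result shorter than the local file (truncated write).
    if [ "$(wc -l < "$tmp")" -lt "$(wc -l < "$local_file")" ]; then
        rm -f "$tmp"; return 1
    fi
    chmod 644 "$tmp" && mv -f "$tmp" "$out_file"
}

# Constructed sample data in a scratch directory; nothing under /etc is touched.
demo_dir=$(mktemp -d)
printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
    'alice:x:1000:1000::/home/alice:/bin/sh' > "$demo_dir/passwd"
printf '%s\n' 'alice:x:0:0::/:/bin/sh' 'bob:x:2001:2001::/home/bob:/bin/sh' \
    'toor:x:0:0::/root:/bin/sh' 'broken:x:12' > "$demo_dir/dump"
merge_passwd "$demo_dir/passwd" "$demo_dir/dump" "$demo_dir/passwd.merged"
cat "$demo_dir/passwd.merged"
```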
On Mon, Oct 23, 2006 at 11:04:18AM +0300, "Αποστόλης Παπαγιαννάκης (Apostolis Papagiannakis)" wrote:
I've had similar "User unknowns" with nscd in the past. I was using dovecot ->getpwent -> nscd -> nss_ldap -> LDAP.
Are you using ldapi?
Axel.Thimm at ATrpms.net
Axel Thimm wrote:
On Mon, Oct 23, 2006 at 11:04:18AM +0300, "Αποστόλης Παπαγιαννάκης (Apostolis Papagiannakis)" wrote:
I've had similar "User unknowns" with nscd in the past. I was using dovecot ->getpwent -> nscd -> nss_ldap -> LDAP.
Are you using ldapi?
Oops, I think I sent my previous post with unreadable HTML formatting. I hope this one is OK.
In /etc/ldap.conf (nss_ldap conf file) I use two ldap servers as "ldaps" URIs.
# /etc/ldap.conf
uri ldaps://ldap1.auth.gr/ ldaps://ldap2.auth.gr/
apap
On Mon, Oct 23, 2006 at 12:44:42PM +0300, "Αποστόλης Παπαγιαννάκης (Apostolis Papagiannakis)" wrote:
Axel Thimm wrote:
On Mon, Oct 23, 2006 at 11:04:18AM +0300, "Αποστόλης Παπαγιαννάκης (Apostolis Papagiannakis)" wrote:
I've had similar "User unknowns" with nscd in the past. I was using dovecot ->getpwent -> nscd -> nss_ldap -> LDAP.
Are you using ldapi?
Oops, I think I sent my previous post with unreadable HTML formatting. I hope this one is OK.
In /etc/ldap.conf (nss_ldap conf file) I use two ldap servers as "ldaps" URIs.
# /etc/ldap.conf
uri ldaps://ldap1.auth.gr/ ldaps://ldap2.auth.gr/
apap
You need to make sure that the user nscd is running as has proper permissions to the required resources (r/w on ldapi sockets, read on ldaps' ca certs and the like). Turn on the debug level in ldap.conf (nss_ldap's, not openssl's) and sudo to the nscd user/group to test the access.
Also nscd doesn't use rootbinddn, it uses binddn.
Axel.Thimm at ATrpms.net