[Dovecot] ldap_search() failed "Server Busy"
Hi,
We are using dovecot 1.1.11 on Solaris 10u6. Under load, we are experiencing the following errors:
Jun 4 18:30:59 ug1s02-zone1 dovecot: [ID 107833 mail.error] auth(default): ldap(0202934816@ug.smilecoms.com,10.31.3.13): ldap_search() failed (filter (uid=0202934816@ug.smilecoms.com)): Server is busy
We are authenticating against sun directory server yet see no errors in the directory server and it seems to be under low load. Any ideas if there is something on dovecot we should tune to erradicate this? We are running a web front end on top of dovecot and hence have a lot of login/logout happening as the user navigates around.
I have included our config below:
dovecot.conf:
base_dir = /opt/csw/var/run/dovecot/ protocols = imap pop3 listen = * disable_plaintext_auth = no shutdown_clients = yes log_timestamp = "%b %d %H:%M:%S " syslog_facility = mail ssl_listen = ssl_disable = yes login_dir = /opt/csw/var/run/dovecot/login login_chroot = yes login_user = dovecot login_process_size = 128 login_process_per_connection = no login_processes_count = 3 login_max_processes_count = 128 login_max_connections = 256 login_greeting = Dovecot ready. login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c login_log_format = %$: %s mail_location = maildir:/sapool1/mail/%3n/%3.3n/%6.3n/%u mail_full_filesystem_access = yes mail_debug = no fsync_disable = yes first_valid_uid = 101 mail_save_crlf = yes mbox_dirty_syncs = yes protocol imap { login_executable = /opt/csw/libexec/dovecot/imap-login mail_executable = /opt/csw/libexec/dovecot/imap login_greeting_capability = no imap_client_workarounds = outlook-idle }
protocol pop3 { login_executable = /opt/csw/libexec/dovecot/pop3-login mail_executable = /opt/csw/libexec/dovecot/pop3 pop3_no_flag_updates = no pop3_enable_last = no pop3_reuse_xuidl = no pop3_lock_session = no pop3_uidl_format = %v-%u pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s }
protocol lda { postmaster_address = postmaster@example.com hostname = sol10-dev.dutoit.net }
auth_anonymous_username = anonymous auth_verbose = no auth_debug = no auth_debug_passwords = no auth_worker_max_count = 30 auth default { mechanisms = plain passdb ldap { args = /opt/csw/etc/dovecot-ldap.conf } userdb static { args = uid=exim gid=mail home=/sapool1/mail/%u }
user = root count = 1 ssl_require_client_cert = no ssl_username_from_cert = no
socket listen { master { path = /opt/csw/var/run/dovecot/auth-master mode = 0600 user = root group = root } } }
dict { }
plugin { }
dovecot-ldap.conf:
hosts = ldap1.it.ug.smilecoms.com:389 dn = cn=Directory Manager dnpass = blahblah sasl_bind = no tls = no ldap_version = 3 base = dc=smilecoms,dc=com deref = never scope = subtree user_filter = (uid=%u) pass_attrs = uid=user,PIN=password pass_filter = (uid=%u) default_pass_scheme = PLAIN
Thanks so much! Paul
On Thu, 2009-06-04 at 22:23 +0200, Paul Carter-Brown wrote:
We are using dovecot 1.1.11 on Solaris 10u6. Under load, we are experiencing the following errors:
Jun 4 18:30:59 ug1s02-zone1 dovecot: [ID 107833 mail.error] auth(default): ldap(0202934816@ug.smilecoms.com,10.31.3.13): ldap_search() failed (filter (uid=0202934816@ug.smilecoms.com)): Server is busy
This error message is returned by LDAP server. See if there is any configuration related to this on server side.
We are authenticating against sun directory server yet see no errors in the directory server and it seems to be under low load. Any ideas if there is something on dovecot we should tune to erradicate this?
You could try if increasing auth process count helps (but that could also break startup in some setups):
auth default { .. count = 5 }
On Thu, 2009-06-04 at 22:23 +0200, Paul Carter-Brown wrote:
Jun 4 18:30:59 ug1s02-zone1 dovecot: [ID 107833 mail.error] auth(default): ldap(0202934816@ug.smilecoms.com,10.31.3.13): ldap_search() failed (filter (uid=0202934816@ug.smilecoms.com)): Server is busy
We are authenticating against sun directory server yet see no errors in the directory server and it seems to be under low load. Any ideas if there is something on dovecot we should tune to erradicate this? We are running a web front end on top of dovecot and hence have a lot of login/logout happening as the user navigates around.
Oh, and enabling auth cache would probably solve this too, since most auths wouldn't go to LDAP then.
Thanks Timo,
Dovecot would not boot without count=1 but i did change the settings to cache authentications and we cant reproduce the error any more.
Thanks for your help!
Paul
-----Original Message----- From: Timo Sirainen tss@iki.fi To: Paul Carter-Brown paul.carter-brown@smilecoms.com Cc: dovecot@dovecot.org Subject: Re: [Dovecot] ldap_search() failed "Server Busy" Date: Thu, 04 Jun 2009 17:56:35 -0400
On Thu, 2009-06-04 at 22:23 +0200, Paul Carter-Brown wrote:
Jun 4 18:30:59 ug1s02-zone1 dovecot: [ID 107833 mail.error] auth(default): ldap(0202934816@ug.smilecoms.com,10.31.3.13): ldap_search() failed (filter (uid=0202934816@ug.smilecoms.com)): Server is busy
We are authenticating against sun directory server yet see no errors in the directory server and it seems to be under low load. Any ideas if there is something on dovecot we should tune to erradicate this? We are running a web front end on top of dovecot and hence have a lot of login/logout happening as the user navigates around.
Oh, and enabling auth cache would probably solve this too, since most auths wouldn't go to LDAP then.
participants (2)
-
Paul Carter-Brown
-
Timo Sirainen