Patch SERVICE_FIRST_STATUS_TIMEOUT
Hi list, we had a lot of trouble with our Dovecot Replicating-Cluster installation authenticating against LDAP Service.
We ran in a timeout and what happened was that we got more and more search requests running against on our ldap server.
And on the dovecot site the process got killed after a couple of seconds. So we ran into a race condition and our LDAP Server was under heavy load. We got a log entry like this: "Initial status notification not received in 30 seconds, killing the process"
So we had to apply the attached patch to our Source based Dovecot Cluster.
Could you please make a configurable Parameter for our Patched value?
That would be great to get this parameter Configurable.
Thanks Andre Helwig
Heinlein Support GmbH Schwedter Str. 8/9b, 10119 Berlin
http://www.heinlein-support.de
Tel: 030 / 405051-0 Fax: 030 / 405051-19
Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Geschäftsführer: Peer Heinlein -- Sitz: Berlin
On 16 Mar 2015, at 19:24, Andre Helwig <a.helwig@heinlein-support.de> wrote:
Hi list, we had a lot of trouble with our Dovecot Replicating-Cluster installation authenticating against LDAP Service.
We ran in a timeout and what happened was that we got more and more search requests running against on our ldap server.
And on the dovecot site the process got killed after a couple of seconds. So we ran into a race condition and our LDAP Server was under heavy load. We got a log entry like this: "Initial status notification not received in 30 seconds, killing the process"
What process? auth process?
So we had to apply the attached patch to our Source based Dovecot Cluster.
Could you please make a configurable Parameter for our Patched value?
That would be great to get this parameter Configurable.
That's the wrong solution though. A process initialization is supposed to take less than a second always. If something like LDAP initialization is taking minutes, this waiting should be done after the process initialization has finished.
I thought the LDAP initialization code was asynchronous though, unless you're using sasl_bind=yes or tls=yes?
On 16 Mar 2015, at 22:36, Timo Sirainen <tss@iki.fi> wrote:
So we had to apply the attached patch to our Source based Dovecot Cluster.
Could you please make a configurable Parameter for our Patched value?
That would be great to get this parameter Configurable.
That's the wrong solution though. A process initialization is supposed to take less than a second always. If something like LDAP initialization is taking minutes, this waiting should be done after the process initialization has finished.
I thought the LDAP initialization code was asynchronous though, unless you're using sasl_bind=yes or tls=yes?
http://hg.dovecot.org/dovecot-2.2/rev/0a17875f0ece should help with this. I did a bunch of other cleanup commits also, which are more or less required to avoid invalid errors from rapidly recreating auth processes that just die immediately.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 03/16/2015 10:30 PM, Timo Sirainen wrote:
On 16 Mar 2015, at 22:36, Timo Sirainen <tss@iki.fi> wrote:
So we had to apply the attached patch to our Source based Dovecot Cluster.
Could you please make a configurable Parameter for our Patched value?
That would be great to get this parameter Configurable.
That's the wrong solution though. A process initialization is supposed to take less than a second always. If something like LDAP initialization is taking minutes, this waiting should be done after the process initialization has finished.
I thought the LDAP initialization code was asynchronous though, unless you're using sasl_bind=yes or tls=yes?
http://hg.dovecot.org/dovecot-2.2/rev/0a17875f0ece should help with this. I did a bunch of other cleanup commits also, which are more or less required to avoid invalid errors from rapidly recreating auth processes that just die immediately.
Wow that was a fast response also with patching. We will test this asap.
Thanks a lot Timo.
Cheers, Andre Helwig
Heinlein Support GmbH Schwedter Str. 8/9b, 10119 Berlin
http://www.heinlein-support.de
Tel: 030 / 405051-0 Fax: 030 / 405051-19
Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Geschäftsführer: Peer Heinlein -- Sitz: Berlin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEcBAEBAgAGBQJVB/RpAAoJEAoTNwRDnEhRM5MH+QFq+RY95LpZr9qoVmQ+ABnb BH46N5nJxcKc2zRjATfotmEwpxjeVLEH0YrziTkvkTHUd4ehMrqBalxbGVpe/Y1T fjVB4iddM3uHrqzpUSweiS8D4l3Rh6xUL1m36pHtajPKfO6V+bauM0APpogFEXHc GNuUNLCh8IYAEezHTOiMhDSCob4Gx/cr5XOTqRMw/w093nkp1gyfoUUCCj6ZwMVy rgTgBmjebZlx2Kf70G6Q5fa2QXKhDwpWThPqlSrsiC6it10rPAKMjTC/mJ9O2/8/ 9jRGeFYqKVzMCUvPlnD568kXxsLTsXOZRkUDspgQmrJ06Y4VuXCz5KqEfDW/KsI= =Zk4U -----END PGP SIGNATURE-----
participants (2)
-
Andre Helwig
-
Timo Sirainen