[Dovecot] 1.0.rc10 status report

"Αποστόλης Παπαγιαννάκη "Αποστόλης Παπαγιαννάκη
Mon Oct 23 14:17:56 UTC 2006


>> Axel Thimm wrote:
>>     
>>> On Mon, Oct 23, 2006 at 11:04:18AM +0300, "????????? 
>>> ????????????? (Apostolis Papagiannakis)" wrote:
>>>  
>>>       
>>>> I've had similar "User unknowns" with nscd in the past. I was using 
>>>> dovecot ->getpwent -> nscd -> nss_ldap ->  LDAP.
>>>>    
>>>>         
>>> Are you using ldapi?
>>>  
>>>       
>> Oops, I think I sent my previous post with unreadable HTML formating. I 
>> hope this one is OK.
>>
>> In /etc/ldap.conf  (nss_ldap conf file) I use two ldap servers as 
>> "ldaps" URIs.
>>
>> # /etc/ldap.conf
>> uri ldaps://ldap1.auth.gr/ ldaps://ldap2.auth.gr/
>>
>> apap
>>
>>     
>
> You need to make sure that the user nscd is running as has proper
> permissions to the required resources (r/w on ldapi sockets, read on
> ldaps' ca certs and the like). Turn on the debug level in ldap.conf
> (nss_ldap's, not openssl's) and sudo to the nscd user/group to test
> the access.
>
> Also nscd doesn't use rootbinddn, it uses binddn.
>   
    I think file permissions have always been ok because nscd and 
nss_ldap usually work ok.  The problem appears only when the ldap 
connection breaks (e.g. remote ldap server restart). We don't use 
rootbinddn at all.
    Anyway I just checked the latest version of nss_ldap and now I see 
interesting new relevant options are available (e.g. nss_connect_policy 
persist/oneshot). I will give it a try and respond back in a few days.
    Definately nss_ldap's bad behaviour is not really a dovecot problem. 
Dovecot has been rock solid here serving 30000 users (4000 different 
active users every day) on a single server.

apap

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5890 bytes
Desc: S/MIME Cryptographic Signature
Url : http://dovecot.org/pipermail/dovecot/attachments/20061023/176b5ecc/attachment.bin 


More information about the dovecot mailing list