[Dovecot] dovecot: auth(default): LDAP: ldap_result() failed: Can't contact LDAP server
Rolf E. Sonneveld
R.E.Sonneveld at sonnection.nl
Fri Dec 28 22:19:35 EET 2007
Timo Sirainen wrote:
> On Mon, 2007-12-24 at 10:45 +0100, Rolf E. Sonneveld wrote:
>
>> Dec 24 07:20:00 hostname dovecot: auth(default): LDAP: ldap_result()
>> failed: Can't contact LDAP server
>>
> ..
>
>> I've looked through the archives and it seems that this problem is
>> caused by the fact that Dovecot (using the OpenLDAP client libraries?)
>> keeps the LDAP connection open; after (in our case) 15 minutes Active
>> Directory closes the connection and Dovecot signals this in the syslog
>> (and presumably automatically will create a new connection to AD).
>>
>> I'm pretty sure that the OpenLDAP client libraries provide options to
>> use a client-side timeout for LDAP connections. My questions are:
>>
>> * is there a reason that Dovecot wants to keep the LDAP connection open?
>>
>
> If there are no timeouts, there's not much point in wasting time and
> reconnecting for no reason.
>
There are all sorts of situations where timeouts will occur: load
balancers, firewalls, etc. Furthermore, keeping connections open will
require extra resources on both the client and server side; in large-scale
environments this can lead to problems.

>> * Will the new V1.1 version have a config parameter to set the LDAP
>> client timeout or a default timeout value to close the connection?
>>
>
> No.
>
>
>> * If there's no 'fix' foreseen for V1.1, I'd like to file a request
>> to add such a parameter. How can I file such a request?
>>
>
> How about this: http://hg.dovecot.org/dovecot/rev/ae0556fb268d
>
I was very much surprised and pleased to see this! Thanks very much.
Yet, IMHO having a configurable timeout with a decent default value
would be my preference, given the issues I listed above.

Regards,
/rolf