[Dovecot] LDAP auth load? (looking for advice)

Troy Engel tengel at fluid.com
Sat Feb 17 16:51:00 UTC 2007

One of the changes my beta testers are testing is switching from NIS to 
LDAP for login/auth/homedir lookups; all is working perfectly, Dovecot + 
PAM/nss_ldap is A-OK. No issues here, we've been using LDAP lookups on 
other servers for years.

I'm wondering about load, specifically whether, when I switch the entire 
company over, the new authentication load will stress my LDAP server to 
the point of breaking.

A) Does anyone here have some numbers or experience in this switch that 
could lend some real-world advice? We're talking maybe... 50 people with 
large (numerically, not gig-age) mailboxes, and Thunderbird seems to 
open 4-5 connections per client based on the logs.

B) Would anyone advise that I run a slapd slave directly on the main 
Dovecot server to alleviate load? Is this overkill and I shouldn't worry 
about it?

Mainly what has me concerned is that on the Dovecot machine, I'm getting 
a number of entries in the messages that look like:

   dovecot-auth: nss_ldap: reconnecting to LDAP server...
   dovecot-auth: nss_ldap: reconnected to LDAP server after 1 attempt(s)

No failures ever, it all just works. But still this tickles my brain 
that maybe it'll need more robustness come production time.

Thanks for your feedback,

Troy Engel | Systems Engineer
Fluid Inc. | http://www.fluid.com

