[Dovecot] Parallel auth
Timo Sirainen
tss at iki.fi
Mon Aug 15 02:32:05 EEST 2011
On 22.7.2011, at 9.42, Bernhard Schmidt wrote:
> passdb {
> args = /etc/dovecot/dovecot-passwd
> driver = passwd-file
> }
> passdb {
> args = /etc/dovecot/dovecot-ldap-simauth.conf.ext
> driver = ldap
> }
Dovecot should first try the passwd-file and if it succeeds, stop. If it fails, continues to ldap.
> Due to a firmware bug, our six-figures NAS causes extremely high LDAP
> delays (in the range of 20-60 seconds, instead of the usual 50ms) once
> an hour. The weird thing is, I also see these delays in the graph for
> the local user. Which got me thinking
Yes, that is weird.
> * are authentication requests handled serially by dovecot/auth?
Yes.
> * any way to solve this situation for the local user (not to be blocked
> by the delayed LDAP query)?
Shouldn't happen! Maybe the delay was caused by something not directly related to the LDAP lookups.. You could also verify with straceing the auth process and authenticating as the local user to verify that it doesn't do an LDAP lookup.
> * any way to solve this situation for LDAP users? We could possibly do
> some loadbalancing if the auth-daemon opened several LDAP connections
Not currently, at least not until I rewrite LDAP's connection pooling to work in a similar way to SQL. Although even that doesn't solve the latency problems, someone else also recently complained about one of their SQL servers giving high latency replies and Dovecot not dropping that server in favor of the second fast one.. I should do something about that.
More information about the dovecot
mailing list