[Dovecot] LDAP timeout
Timo Sirainen
tss at iki.fi
Tue Jun 28 03:10:00 EEST 2011
On Mon, 2011-06-27 at 12:11 +0000, Bernhard Schmidt wrote:
> Hi,
>
> we recently hit an issue where one (of the three configured) LDAP
> servers dropped an index on an attribute due to a misconfiguration,
> which caused all/most queries for passdb to take a very long time
> (several 10s of seconds).
>
> The other servers would have been fine, but it seems like Dovecot does
> either not set a timelimit on the query or uses a very high one. I could
> not find any place to control that either.
>
> Is there any knob to tune the LDAP timeout?
Fallbacking to another LDAP server is done by OpenLDAP internally. So
what would be needed is either a) OpenLDAP to itself figure out that
queries are running too slowly and see if another server is faster, or
b) Dovecot figure that out itself and force OpenLDAP to switch to
another server.
I don't know if either of them is possible with OpenLDAP API as it is. I
doubt it.
Oh, also possibility c) Have Dovecot manage all the different LDAP
server connections instead of OpenLDAP. Probably what I will have to do
eventually anyway. That would allow also load balancing by actually
using multiple connections, similar to how SQL code does it now. But
yeah, that does remind me that I probably should change the SQL load
balancing code to look at the query times.
More information about the dovecot
mailing list