[Dovecot] How to define ldap connection idle

Timo Sirainen tss at iki.fi
Fri Nov 4 23:03:25 EET 2011


On Thu, 2011-11-03 at 11:52 -0400, Aliet Santiesteban Sifontes wrote:
> I'm having a problem with the dovecot ldap connection when the ldap server is in
> another firewall zone. The firewall kills the ldap connection after a
> determined period of inactivity. This is good from the firewall's point of
> view but is bad for dovecot because it never knows the connection has been
> dropped. This creates long timeouts in dovecot and finally it reconnects;
> meanwhile many users fail to authenticate. I have seen this kind of post
> on the list for a while but can't find a solution for it, so my question is
> how to define an idle ldap time in dovecot so it can reconnect before the
> firewall has dropped the connection, or just close the connection under
> inactivity, so that when a user authenticates it doesn't fail for a while until
> dovecot detects that the connection has hung. Is this a feature request
> or is there already a configuration for this?

Can't the firewall be changed to reject the LDAP packets instead of
dropping them? Then Dovecot would immediately notice that the connection
has died, and with a recent enough version it wouldn't even log an error
about it.

I guess some kind of an "ldap_idle_disconnect = 30s" setting could be
added, but it's not a very high priority for me.
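
Added example, not part of the original message and not Dovecot code: a loopback sketch of the reject-versus-drop difference discussed above, showing what a client holding an idle connection sees on its next request. The `probe` function, the payload and the timeouts are constructed for illustration; the "drop" case is approximated by a peer that never answers, with a client-side timeout standing in for the long stall.

```python
import socket
import struct
import threading
import time

def probe(behaviour, timeout=2.0):
    """Return (outcome, seconds) for the first request sent on a dead idle connection.

    behaviour="reject": the peer answers with a TCP RST, as a rejecting firewall would.
    behaviour="drop":   nothing ever comes back, as with silently discarded packets.
    """
    srv = socket.create_server(("127.0.0.1", 0))
    release = threading.Event()

    def peer():
        conn, _ = srv.accept()
        if behaviour == "reject":
            # SO_LINGER with a zero timeout makes close() emit a RST instead of a FIN.
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
            conn.close()
        else:
            release.wait()  # stay silent until the client has given up
            conn.close()

    threading.Thread(target=peer, daemon=True).start()
    cli = socket.create_connection(srv.getsockname(), timeout=timeout)
    time.sleep(0.2)  # constructed idle period during which the connection dies

    start = time.monotonic()
    try:
        cli.sendall(b"constructed-request")
        outcome = "data" if cli.recv(1) else "closed"
    except (ConnectionResetError, BrokenPipeError):
        outcome = "reset"    # failure is visible at once; the client can reconnect
    except socket.timeout:
        outcome = "timeout"  # failure is only visible once the timer expires
    elapsed = time.monotonic() - start

    release.set()
    cli.close()
    srv.close()
    return outcome, elapsed

if __name__ == "__main__":
    for mode in ("reject", "drop"):
        result, seconds = probe(mode)
        print(f"{mode}: {result} after {seconds:.2f}s")
```
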




