Hi,

I have run into a frustrating snag with authldap.

First, the details:
# dpkg -l | grep courier
ii  courier-authda 0.37.3-2.3     Courier Mail Server authentication daemon
ii  courier-base   0.37.3-2.3     Courier Mail Server Base System
ii  courier-imap   1.4.3-2.3      IMAP daemon with PAM and Maildir support
ii  courier-ldap   0.37.3-2.3     LDAP support for Courier Mail Server
ii  courier-pop    0.37.3-2.3     POP3 daemon with PAM and Maildir support

We are using these packages on Debian -stable boxes to talk to an
OpenLDAP server for authentication. It works great, except that authldap
seems to not be very resistant to connection loss to the LDAP server.

If the connection is lost, via timeout, or perhaps if the LDAP server
restarts (as we're doing a lot right now in configuration-mode :) ),
authldap never seems to try to reconnect, and hence all authentication
fails until I manually restart authdaemon.

In fact, not only does it not reconnect, but it seems to try to keep
talking on the long-dead connection:

12:49:44.486625 192.168.0.2.37397 > 192.168.0.3.389: . ack 844 win 8576 <nop,nop,timestamp 182093199 181588891> (DF)
12:49:44.486610 192.168.0.3.389 > 192.168.0.2.37397: P 844:858(14) ack 417 win 5792 <nop,nop,timestamp 181588891 182093199> (DF)
12:49:44.486641 192.168.0.2.37397 > 192.168.0.3.389: . ack 858 win 8576 <nop,nop,timestamp 182093199 181588891> (DF)

<This is where the connection should be torn down, as openLDAP is shutting down and 
restarting, hence the FIN>.

12:49:54.079640 192.168.0.3.389 > 192.168.0.2.37397: F 858:858(0) ack 417 win 5792 <nop,nop,timestamp 181589850 182093199> (DF)
12:49:54.110663 192.168.0.2.37397 > 192.168.0.3.389: . ack 859 win 8576 <nop,nop,timestamp 182094162 181589850> (DF)

<But despite this, a subsequent authentication attempt sends a PUSH for the old 
connection, hence the RST response from the LDAP server>

12:50:01.673057 192.168.0.2.37397 > 192.168.0.3.389: P 417:542(125) ack 859 win 8576 <nop,nop,timestamp 182094918 181589850> (DF)
12:50:01.673224 192.168.0.3.389 > 192.168.0.2.37397: R 3798183240:3798183240(0) win 0 (DF)

I have given it plenty of time and it never seems to reconnect. Restarting authdaemon 
has been my only recourse.

Any ideas?

Thanks,

--Chris

-- 
Chris Wage
[EMAIL PROTECTED]
http://chris.agenteight.com/
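
Added example, not part of the original post and not Courier's code: one way a client that keeps a long-lived connection can notice the server's FIN before reusing the socket, and redial instead of writing into the dead connection as in the trace above. The helper get_conn, the function demo and the loopback listener standing in for the LDAP server are assumptions made for the illustration.

```c
#include <errno.h>
#include <poll.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* 1 if the peer has closed (FIN seen) or the socket is in error, else 0. */
int conn_is_stale(int fd) {
    char c;
    ssize_t n = recv(fd, &c, 1, MSG_PEEK | MSG_DONTWAIT);
    if (n == 0) return 1;                      /* end of stream: peer sent FIN */
    if (n < 0 && errno != EAGAIN && errno != EWOULDBLOCK && errno != EINTR) return 1;
    return 0;                                  /* idle, or reply data pending */
}

/* Hypothetical helper: reuse *cached unless it is stale, else dial srv again. */
int get_conn(int *cached, const struct sockaddr_in *srv, int *dials) {
    if (*cached >= 0 && !conn_is_stale(*cached)) return *cached;
    if (*cached >= 0) close(*cached);          /* drop the dead socket */
    *cached = socket(AF_INET, SOCK_STREAM, 0);
    if (*cached < 0) return -1;
    if (connect(*cached, (const struct sockaddr *)srv, sizeof *srv) != 0) { close(*cached); return *cached = -1; }
    (*dials)++;
    return *cached;
}

/* Constructed scenario: a loopback listener stands in for the LDAP server. */
int demo(int *dials_after_reuse, int *dials_after_fin) {
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t len = sizeof a;
    int cached = -1, dials = 0, lfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0 || bind(lfd, (struct sockaddr *)&a, sizeof a) || listen(lfd, 4) ||
        getsockname(lfd, (struct sockaddr *)&a, &len)) return -1;  /* port 0: kernel picks */
    if (get_conn(&cached, &a, &dials) < 0) return -1;  /* first dial */
    int sfd = accept(lfd, NULL, NULL);
    get_conn(&cached, &a, &dials);                     /* healthy: reused, no dial */
    *dials_after_reuse = dials;
    close(sfd);                                        /* "server restart": FIN to client */
    poll(&(struct pollfd){ cached, POLLIN, 0 }, 1, 1000);  /* wait for the FIN to arrive */
    get_conn(&cached, &a, &dials);                     /* stale: closed and redialled */
    *dials_after_fin = dials;
    close(cached);
    close(lfd);
    return 0;
}

int main(void) {
    int r = 0, f = 0;
    return demo(&r, &f) != 0 || r != 1 || f != 2;      /* exit 0 when behaviour matches */
}
```

The peek only catches a close that has already arrived; a caller should still treat a failed write or read on the socket as a cue to redial once.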
