Sam Varshavchik wrote:
> Bowie Bailey writes:
> > Sam Varshavchik wrote:
> > >
> > > I'm wondering if the LDAP server forcibly closes idle connections.
> > > After the first authentication request, each process keeps the
> > > connection to the LDAP server open. The LDAP server may be
> > > closing the idle connection after some period of time, which
> > > results in an error when the same process eventually gets an
> > > authentication request.
> > >
> > > Check the server's configuration for a similar setting, and
> > > adjust it.
> >
> > Yes, the idle timeout is currently set at 30 seconds. I will
> > increase it to a couple of minutes and see what happens.
> >
> > How do the authdaemon processes respond to lost ldap connections
> > (besides the obvious errors)? Does it simply reconnect for the
> > next attempt?
> >
> > Will a timeout of a few minutes work, or do I need to increase it
> > further to avoid problems with the authdaemon?
>
> Increase it to at least a couple of hours. With the LDAP server on
> the same machine, the reasons why you want an inactivity timeout are
> no longer relevant.

But Courier is not the only application using the LDAP. There are
other programs which read and write to the LDAP from across the
network. Courier is the main LDAP user, but I need to consider remote
access as well.

I increased the timeout to 2 minutes and that seems to have greatly
reduced the problem. I can still get an error occasionally, but most
of them are gone. Based on your comments, I may increase the timeout
to 10 minutes or so and see how it does. I am also going to ask on the
LDAP list and see what their comments are as to the proper timeout
setting.

Can you give me a bit of insight into how the authdaemon processes are
handling the LDAP connections? Do they ever close them or do they
assume the connection will remain open indefinitely?

What I would assume is this:

- Each process opens a connection and holds it open.
- When an authentication request comes in, it tries to use the
  connection.
- If it fails, the process generates a 450 error and then opens a new
  connection for the next request.

This would mean that whenever an authdaemon process is idle for more
than the LDAP timeout period, I should expect to get an error on the
next incoming email that attempts to use that process. Is that
accurate?

-- 
Bowie
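
Added illustration, not part of the original message and not Courier's code: a small Python model of the connection handling the message above assumes (hold the connection open, fail the request that finds it dropped, reconnect for the next one), run over constructed arrival times. The round-robin dispatch across processes and the `retry` variant are assumptions of this sketch.

```python
# Model of the assumed behaviour only; whether authdaemon really works
# this way is the open question in the thread.

def failed_requests(arrivals, idle_timeout, workers=1, retry=False):
    """Return the arrival times whose authentication request fails.

    arrivals     -- request times in seconds, ascending (constructed data)
    idle_timeout -- seconds of inactivity after which the LDAP server
                    drops a connection
    workers      -- number of processes, each holding its own connection
    retry        -- hypothetical variant: on a dropped connection,
                    reconnect and retry inside the same request
    """
    last_used = [None] * workers          # per-process time of last LDAP traffic
    failed = []
    for i, t in enumerate(arrivals):
        w = i % workers                   # round-robin dispatch (assumption)
        stale = last_used[w] is not None and t - last_used[w] > idle_timeout
        if stale and not retry:
            failed.append(t)              # this request gets the temporary error
        last_used[w] = t                  # a fresh connection exists from now on
    return failed


# Constructed arrival times: bursts separated by quiet periods.
ARRIVALS = [0, 10, 50, 55, 200, 210, 900, 905]

if __name__ == "__main__":
    for timeout in (30, 120, 600, 7200):
        for n in (1, 2):
            print(f"timeout={timeout:>5}s workers={n}: "
                  f"failures at {failed_requests(ARRIVALS, timeout, n)}")
    print("timeout=30s with retry:",
          failed_requests(ARRIVALS, 30, workers=2, retry=True))
```

Under this model each process's idle time is the gap between requests that reach that particular process, so with several processes the gaps are longer than the gaps in overall mail traffic, and a longer timeout reduces failures without removing them.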
