Timo Sirainen wrote:
> On Mon, 2007-12-24 at 10:45 +0100, Rolf E. Sonneveld wrote:
>> Dec 24 07:20:00 hostname dovecot: auth(default): LDAP: ldap_result()
>> failed: Can't contact LDAP server
> ..
>> I've looked through the archives and it seems that this problem is
>> caused by the fact that Dovecot (using the OpenLDAP client libraries?)
>> keeps the LDAP connection open; after (in our case) 15 minutes Active
>> Directory closes the connection and Dovecot signals this in the syslog
>> (and presumably automatically will create a new connection to AD).
>> I'm pretty sure that the OpenLDAP client libraries provide options to
>> use a client-side timeout for LDAP connections. My questions are:
>> * is there a reason that Dovecot wants to keep the LDAP connection open?
>
> If there are no timeouts, there's not much point in wasting time and
> reconnecting for no reason.

There are all sorts of situations where timeouts will occur: load
balancers, firewalls, etc. Furthermore, keeping connections open will
require extra resources on both client- and server side; in large-scale
environments this can lead to problems.

>> * Will the new V1.1 version have a config parameter to set the LDAP
>> client timeout or a default timeout value to close the connection?
>
> No.
>
>> * If there's no 'fix' foreseen for V1.1, I'd like to file a request
>> to add such a parameter. How can I file such a request?
>
> How about this: http://hg.dovecot.org/dovecot/rev/ae0556fb268d

I was very much surprised and pleased to see this! Thanks very much.
Yet, IMHO having a configurable timeout with a decent default value
would be my preference, given the issues I listed above.

Regards,
/rolf
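
The trade-off discussed in this thread, as an added example that is not part of the original messages and is not Dovecot's code or the linked changeset: a client that discards its connection after a configurable idle period, replayed against a constructed server that drops connections idle for more than 15 minutes. All names (`FakeDirectory`, `IdleAwareClient`, `simulate`) are hypothetical, and the server is a stand-in, not a real LDAP library.

```python
import time

SERVER_IDLE_LIMIT = 900.0  # constructed: the 15-minute server cut-off reported in the thread

class FakeDirectory:
    """Constructed stand-in for the LDAP server: drops connections idle past its limit."""
    def __init__(self, clock):
        self.clock, self.dropped = clock, 0  # dropped = requests that hit a closed connection

    def connect(self):
        return {"last_seen": self.clock()}

    def search(self, conn):
        now = self.clock()
        if now - conn["last_seen"] > SERVER_IDLE_LIMIT:
            self.dropped += 1
            raise ConnectionError("Can't contact LDAP server")
        conn["last_seen"] = now
        return "ok"

class IdleAwareClient:
    """Keeps one connection open, but discards it client-side after idle_timeout seconds."""
    def __init__(self, directory, idle_timeout=float("inf"), clock=time.monotonic):
        self.directory, self.idle_timeout, self.clock = directory, idle_timeout, clock
        self.conn, self.last_used, self.connects = None, 0.0, 0

    def search(self):
        now = self.clock()
        if self.conn is not None and now - self.last_used >= self.idle_timeout:
            self.conn = None  # a real client would unbind here, before the peer drops it
        self.last_used = now
        for _attempt in range(2):  # one retry covers a connection the peer dropped anyway
            if self.conn is None:
                self.conn, self.connects = self.directory.connect(), self.connects + 1
            try:
                return self.directory.search(self.conn)
            except ConnectionError:
                self.conn = None
        raise ConnectionError("directory unreachable after reconnect")

def simulate(idle_timeout, gaps):
    """Replay lookups separated by `gaps` seconds; return (server_side_drops, connects)."""
    t = [0.0]
    directory = FakeDirectory(lambda: t[0])
    client = IdleAwareClient(directory, idle_timeout, lambda: t[0])
    client.search()
    for gap in gaps:
        t[0] += gap
        client.search()
    return directory.dropped, client.connects
```

With no client-side timeout, every gap longer than the server limit produces one failed request before the reconnect; a timeout below the server limit gives the same number of connects with no failed requests, while a timeout above it changes nothing.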