On 29 Feb 2016, at 17:18, Gordon Grubert 
<gordon.grubert+li...@uni-greifswald.de> wrote:
> 
> Hi,
> 
> we are using a round robin dns record for connections to our ldap
> system. This works fine for almost all cases. In particular, for
> dovecot this means that when an ldap server is stopped, dovecot
> instantly reconnects to another ldap server.
> 
> But when the network connection to the active ldap server is broken,
> dovecot sticks to the failed ldap server. Is there any possibility to
> define a connection timeout?

What should happen is that as long as new requests keep coming, Dovecot 
realizes after about 60 seconds that the LDAP server is hanging. It then 
reconnects and the reconnection should work. But first of all, 60 seconds is 
likely much too long a timeout.

But more importantly it looks like there's something weird now going on with 
OpenLDAP library. I added this somewhat recently and tested that it works:

https://github.com/dovecot/core/commit/fb3178a1924dae52151d88c4d4ded879df43dd3f

But now that I'm testing it, the timeout doesn't seem to be triggering. I don't 
know what happened to it that it suddenly doesn't work. This also means that 
OpenLDAP seems to be internally stuck trying to connect to a server that isn't 
responding. Dovecot doesn't currently make the decisions on which LDAP server 
to connect to. It just passes through all the hosts to the OpenLDAP library and 
lets it handle it. And it seems like the OpenLDAP library can't right now do this 
failover. So maybe Dovecot should be responsible for that as well.

Anyway, for now you could set up haproxy on localhost, configure Dovecot 
LDAP to connect to haproxy, and have haproxy connect to the actual LDAP servers.
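
The haproxy-on-localhost workaround suggested above, written out as an added example (this configuration is not part of the original thread and is not Dovecot's or haproxy's own documentation). The backend host names ldap1.example.com and ldap2.example.com, the ports and the timeout values are placeholders to adapt to your environment. The point it shows is the piece the original question asks for: a short `timeout connect` and an active LDAP health check, so that a backend whose network path is broken (not just stopped) is taken out of rotation instead of being retried until the client's own 60 second timeout fires.

```haproxy
global
    log /dev/log local0
    maxconn 1024

defaults
    mode tcp
    log global
    option tcplog
    # Fail fast when a backend cannot be reached at all (the case in the
    # question: a silently dropped network path rather than a stopped daemon).
    timeout connect 3s
    # Idle limits for an established LDAP session; tune to your bind/search load.
    timeout client 60s
    timeout server 60s

# Bind only on loopback: Dovecot talks plain LDAP to this socket, so it must
# not be reachable from the network.
frontend ldap_local
    bind 127.0.0.1:389
    default_backend ldap_servers

backend ldap_servers
    balance roundrobin
    # LDAPv3 health check: haproxy performs an anonymous bind and expects a
    # valid bindResponse. A backend that answers TCP but hangs at the LDAP
    # layer is marked down too, which a plain TCP connect check would miss.
    option ldap-check
    # check every 5s; 2 consecutive failures mark a server down, 2 successes bring it back.
    server ldap1 ldap1.example.com:389 check inter 5s fall 2 rise 2
    server ldap2 ldap2.example.com:389 check inter 5s fall 2 rise 2
```

Point Dovecot at the proxy in dovecot-ldap.conf.ext with `hosts = 127.0.0.1` (or `uris = ldap://127.0.0.1`) instead of the round-robin DNS name. One caveat: `option ldap-check` sends a plaintext anonymous bind, so if the backends only accept LDAPS (636) or refuse unencrypted binds, replace it with a bare `check` (TCP connect only) and let Dovecot negotiate TLS through the TCP-mode proxy; in that case make sure the certificate verification Dovecot performs still matches the backend names, since the connection target is now 127.0.0.1.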
