[Dovecot] dovecot: auth(default): LDAP: ldap_result() failed: Can't contact LDAP server

[Rolf E. Sonneveld]

Hi,

I'm new to the list; excuse me if this has been asked recently/before.

running:
# dovecot --version
1.0.8

Output of dovecot -n:

base_dir: /var/run/dovecot
protocols: none
ssl_disable: yes
login_dir: /var/run/dovecot/login
login_executable: /usr/local/dovecot/libexec/dovecot/imap-login
auth default:
 verbose: yes
 debug: yes
 debug_passwords: yes
 passdb:
   driver: ldap
   args: /usr/local/dovecot/etc/dovecot-ldap.conf
 userdb:
   driver: ldap
   args: /usr/local/dovecot/etc/dovecot-ldap.conf
 socket:
   type: listen
   client:
 path: /usr/local/postfix/spool/private/auth
 mode: 432
 user: postfix
 group: postfix
   master:
 path: /var/run/dovecot-auth-master
 mode: 438

Using dovecot only for the purpose of providing SMTP AUTH service for 
Postfix, using Active Directory (AD) as authentication source. As you 
can see from the config, connectivity between Dovecot and AD is 
implemented using LDAP.


Contents of /usr/local/dovecot/etc/dovecot-ldap.conf (some site-specific 
info masqueraded):


auth_bind = yes
pass_filter = (sAMAccountName=%u)
hosts = AD1.domain.com:3268 AD2.domain.com:3268
dn = CN=Service Account Postfix,OU=Services,DC=domain,DC=com
dnpass = secret
ldap_version = 3
base = DC=domain,DC=com
scope = subtree

Now, this works fine and authentication via SMTP AUTH + Dovecot works 
perfect. Yet, every 15 minutes I get the following warning in the syslog 
logfile:


Dec 24 07:20:00 hostname dovecot: auth(default): LDAP: ldap_result() 
failed: Can't contact LDAP server
Dec 24 07:35:01 hostname dovecot: auth(default): LDAP: ldap_result() 
failed: Can't contact LDAP server
Dec 24 07:50:01 hostname dovecot: auth(default): LDAP: ldap_result() 
failed: Can't contact LDAP server
Dec 24 08:05:02 hostname dovecot: auth(default): LDAP: ldap_result() 
failed: Can't contact LDAP server
Dec 24 08:20:02 hostname dovecot: auth(default): LDAP: ldap_result() 
failed: Can't contact LDAP server
Dec 24 08:35:03 hostname dovecot: auth(default): LDAP: ldap_result() 
failed: Can't contact LDAP server


I've looked through the archives and it seems that this problem is 
caused by the fact that Dovecot (using the OpenLDAP client libraries?) 
keeps the LDAP connection open; after (in our case) 15 minutes Active 
Directory closes the connection and Dovecot signals this in the syslog 
(and presumably automatically will create a new connection to AD).


I'm pretty sure that the OpenLDAP client libraries provide options to 
use a client-side timeout for LDAP connections. My questions are:


   * is there a reason that Dovecot wants to keep the LDAP connection open?
   * Will the new V1.1 version have a config parameter to set the LDAP
 client timeout or a default timeout value to close the connection?
   * If there's no 'fix' foreseen for V1.1, I'd like to file a request
 to add such a parameter. How can I file such a request?


The warning is annoying; the sysadmin will create a filter, to filter 
the warning out from the syslog, but I'm afraid that if there's a real 
problem with authentication, that will be filtered too and the real 
problem is not noticed, before users start to complain.


/rolf

[Dovecot] sieve variables

[Pavel Volkovitskiy]

Hello!

I wonder if that possible to add support for sieve variables extension 
in upcoming dovecot 1.1?
( 
ftp://ftp.rfc-editor.org/in-notes/internet-drafts/draft-ietf-sieve-variables-08.txt 
)


--
Pavel

Re: [Dovecot] Dovecot Log control=

[Evaggelos Balaskas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

i did a little change to my dovecot.conf setting up the CONTROL like
this at extra fields for the maildir account:

userdb_mail=maildir:/var/mail/folders/%u:INDEX=/var/mail/index/%u:CONTROL=/var/mail/control/%u

and the control files are now in the correct (with perms) directory.

Timo Sirainen wrote:
 Empty control directory simply means it uses the default one, i.e. root
 directory. As for what control files are, see
 http://wiki.dovecot.org/MailLocation/Maildir

thanks a lot timo,

Evaggelos Balaskas - http://ebalaskas.gr
Unix System Engineer
Informatics Engineer Technological Education
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHb591WIK+Pe9twhoRAmniAJ9smjNpHUpRomSK0kzp0iSTazy5XACgwdA/
td9/N0/al+jjxkqbYlZa40M=
=QASA
-END PGP SIGNATURE-

Re: [Dovecot] v1.1.beta12 released

[Gerhard Wiesinger]

Hello Timo!

Still got a core on my usual deliver testcase:
#0  0x005b2c32 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1  0x0096b989 in raise () from /lib/tls/libc.so.6
#2  0x0096d342 in abort () from /lib/tls/libc.so.6
#3  0x080b1da4 in default_fatal_handler (type=LOG_TYPE_PANIC, status=0,
format=0x80c3960 file %s: line %d (%s): assertion failed: (%s), 
args=0xbfe6d014 \223\226\f\b\022\004) at failures.c:165
#4  0x080b1e57 in i_panic (format=0x80c3960 file %s: line %d (%s): 
assertion failed: (%s)) at failures.c:196

#5  0x080822fa in index_mail_close (_mail=0x941eb38) at index-mail.c:1032
#6  0x080826ce in index_mail_free (_mail=0x941eb38) at index-mail.c:1229
#7  0x080a2e20 in mail_free (mail=0xbfe6d0b8) at mail.c:18
#8  0x0805a928 in main (argc=-1075392304, argv=0x0) at deliver.c:997

Ciao,
Gerhard

--
http://www.wiesinger.com/


On Sat, 22 Dec 2007, Timo Sirainen wrote:


http://dovecot.org/releases/1.1/beta/dovecot-1.1.beta12.tar.gz
http://dovecot.org/releases/1.1/beta/dovecot-1.1.beta12.tar.gz.sig

Still not a release candidate, maybe the next one..

This release fixes a lot of bugs and adds some new sanity checks. Fixes
quite a lot of mbox problems.

v1.1.beta11 (no other versions) had a potential security hole where
memory was free()d multiple times.

\Recent flags should work perfectly now with mbox. Still somewhat broken
with maildir.