RE: Saslauthd/LDAP timeout problems

Subject: RE: Saslauthd/LDAP timeout problems
From: Ram Rajadhyaksha (ramr at inflectiontech dot com)
Date: Tue Feb 04 2003 - 10:56:37 EST


I have had the same problem and made the following changes in lak.c. I moved
the LDAP_TIMEOUT and LDAP_TIMELIMIT_EXCEEDED cases down to the next case
block where it tears down and starts up a new connection on failure.

This is non-optimal as the teardown destroys the cache but it appears to
have fixed the problem for us. I'm skeptical that the LDAP caching feature
is useful anyway- the ldap_bind process is obviously not cached so the
saslauthd still has to connect to the LDAP server at least once.

I also suspect this is TCP keepalive related. The problem never manifests
itself multiple times on the same daemon process over a few hours of time.

Ram Rajadhyaksha
Inflection Technology, LLC

lak.c, Line 714: int retry = 5;

lak.c, Line 727:

    case LDAP_SUCCESS:
    case LDAP_NO_SUCH_OBJECT:
        break;
    /*
    case LDAP_TIMEOUT:              comment out these 2 lines
    case LDAP_TIMELIMIT_EXCEEDED:
    */
    case LDAP_BUSY:
    case LDAP_UNAVAILABLE:
    case LDAP_INSUFFICIENT_ACCESS:
        /* We do not need to re-connect to the LDAP server
           under these conditions */
        syslog(LOG_ERR|LOG_AUTH, "ldap_search_st() failed: %s",
               ldap_err2string(rc));
        ldap_msgfree(*res);
        return LAK_FAIL;
    /* ramr - moved the timeout/timelimit constants to this case */
    case LDAP_SERVER_DOWN:
    case LDAP_TIMEOUT:
    case LDAP_TIMELIMIT_EXCEEDED:
        if (retry) {
            syslog(LOG_WARNING|LOG_AUTH,
                   "ldap_search_st() failed: %s. Trying to reconnect.",
                   ldap_err2string(rc));

-- Ram Rajadhyaksha Inflection Technology, LLC

> -----Original Message-----
> From: Kevin M. Myer [mailto:kevin_myer at iu13 dot org]
> Sent: Tuesday, February 04, 2003 10:09 AM
> To: cyrus-sasl at lists dot andrew dot cmu dot edu
> Subject: Saslauthd/LDAP timeout problems
>
>
> Hi,
>
> I've seen several posts regarding timeout issues with sites that use
> saslauthd and LDAP for authentication. I'm seeing similar problems with
> our setup but I think I have good explanations for why it's happening
> and hopefully, we can build some connection housekeeping into saslauthd
> so some of these problems go away.

[snip- see his actual message]
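
The classification described in the message above, as an added example that is not part of the original post and is not code from lak.c. The RC_* codes, sim_lookup() and the scripted results are constructed stand-ins for the libldap result codes and ldap_search_st(), and the loop shape (one retry consumed per reconnect) is an assumption.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed stand-ins for the result codes named in the post;
 * the real values come from <ldap.h>. */
enum { RC_SUCCESS, RC_NO_SUCH_OBJECT, RC_BUSY, RC_UNAVAILABLE,
       RC_INSUFFICIENT_ACCESS, RC_SERVER_DOWN, RC_TIMEOUT,
       RC_TIMELIMIT_EXCEEDED };

/* Hypothetical harness: replays `script` as successive search results.
 * Returns the number of reconnects when the search completes, -1 on failure. */
int sim_lookup(const int *script, size_t len)
{
    int retry = 5;                      /* value given in the post */
    int reconnects = 0;
    size_t pos = 0;

    for (;;) {
        /* Stand-in for ldap_search_st(); an exhausted script means
         * the server stays unreachable. */
        int rc = pos < len ? script[pos++] : RC_SERVER_DOWN;

        switch (rc) {
        case RC_SUCCESS:
        case RC_NO_SUCH_OBJECT:
            return reconnects;          /* search completed */
        case RC_SERVER_DOWN:
        case RC_TIMEOUT:                /* moved here by the change */
        case RC_TIMELIMIT_EXCEEDED:     /* moved here by the change */
            if (retry-- > 0) {          /* assumed: one retry per reconnect */
                reconnects++;           /* tear down, rebind, search again */
                continue;
            }
            return -1;                  /* retries exhausted */
        default:                        /* BUSY, UNAVAILABLE, INSUFFICIENT_ACCESS */
            return -1;                  /* fail without reconnecting */
        }
    }
}

int main(void)
{
    const int stale[] = { RC_TIMEOUT, RC_SUCCESS };  /* constructed: idle connection went stale */
    const int busy[]  = { RC_BUSY, RC_SUCCESS };     /* constructed: server busy */
    printf("stale connection: %d reconnect(s)\n", sim_lookup(stale, 2));
    printf("busy server:      %d\n", sim_lookup(busy, 2));
    printf("server gone:      %d\n", sim_lookup(NULL, 0));
    return 0;
}
```

A single timeout on a stale connection costs one reconnect and the lookup then completes, while an unreachable server is abandoned after five attempts rather than retried forever.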
