Discussion:
[Dovecot] auth: Error: LDAP: Connection lost to LDAP server, reconnecting
Angel L. Mateo
2011-08-25 10:04:32 UTC
Hello,

I continue debugging my problems with my update to dovecot 2.x :-(

I have dovecot 2.0.13 running in ubuntu 10.04 (lucid) x64. My users are
in a ldap directory. The problem is that I have a lot of errors like:

Aug 24 23:07:32 myotis28 dovecot: auth-worker(default): LDAP: Connection lost to LDAP server, reconnecting

I have seen in the mail list a patch for 1.2
(http://hg.dovecot.org/dovecot-1.2/rev/355d5a40f7a7) to ignore these
logs when the disconnection is because of idle timeouts. As far as I
could see in this patch and 2.0.13 source code, this patch is already
applied in 2.0. So I guess that the disconnection is for other problem,
isn't it?
--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información _o)
y las Comunicaciones Aplicadas (ATICA) / \\
http://www.um.es/atica _(___V
Tfo: 868887590
Fax: 868888337
Timo Sirainen
2011-08-25 10:10:18 UTC
Aug 24 23:07:32 myotis28 dovecot: auth-worker(default): LDAP: Connection lost to LDAP server, reconnecting
I have seen in the mail list a patch for 1.2 (http://hg.dovecot.org/dovecot-1.2/rev/355d5a40f7a7) to ignore these logs when the disconnection is because of idle timeouts. As far as I could see in this patch and 2.0.13 source code, this patch is already applied in 2.0. So I guess that the disconnection is for other problem, isn't it?
I had completely forgotten I had added such a feature :) See what it logs with attached patch.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: diff
Type: application/octet-stream
Size: 630 bytes
Desc: not available
URL: <http://dovecot.org/pipermail/dovecot/attachments/20110825/34e442ed/attachment.obj>
-------------- next part --------------
Angel L. Mateo
2011-08-26 06:43:29 UTC
Post by Timo Sirainen
Aug 24 23:07:32 myotis28 dovecot: auth-worker(default): LDAP: Connection lost to LDAP server, reconnecting
I have seen in the mail list a patch for 1.2 (http://hg.dovecot.org/dovecot-1.2/rev/355d5a40f7a7) to ignore these logs when the disconnection is because of idle timeouts. As far as I could see in this patch and 2.0.13 source code, this patch is already applied in 2.0. So I guess that the disconnection is for other problem, isn't it?
I had completely forgotten I had added such a feature :) See what it logs with attached patch.
Hello,

I have found the problem. It is not a dovecot issue. The problem (if this
is a problem) is that our ldap is behind a load balancer. This load
balancer has a timeout of 3600s for ldap connections. If there is a
connection with more than 3600s without activity, the load balancer
closes it, and this is the reason for the message.

Now I'm trying to find why dovecot has a ldap connection with inactivity.

One question: does the auth process use more than one ldap connection? If
it uses a pool it is more reasonable, because we have auth cache enabled
and now we have low activity, so it could be that a connection lasts more
than 1 hour with activity, isn't it?
--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información _o)
y las Comunicaciones Aplicadas (ATICA) / \\
http://www.um.es/atica _(___V
Tfo: 868887590
Fax: 868888337
Angel L. Mateo
2011-08-26 11:01:06 UTC
Post by Timo Sirainen
Aug 24 23:07:32 myotis28 dovecot: auth-worker(default): LDAP: Connection lost to LDAP server, reconnecting
I have seen in the mail list a patch for 1.2 (http://hg.dovecot.org/dovecot-1.2/rev/355d5a40f7a7) to ignore these logs when the disconnection is because of idle timeouts. As far as I could see in this patch and 2.0.13 source code, this patch is already applied in 2.0. So I guess that the disconnection is for other problem, isn't it?
I had completely forgotten I had added such a feature :) See what it logs with attached patch.
I have tried the patch. It confirms my hypothesis, the connection is
closed by my load balancer:

Aug 26 12:55:27 myotis31 dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting (1 requests, 3603 idle secs)

Is there any way to configure ldap connection with a keepalive, so I
don't need a reconnection?
--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información _o)
y las Comunicaciones Aplicadas (ATICA) / \\
http://www.um.es/atica _(___V
Tfo: 868887590
Fax: 868888337
Timo Sirainen
2011-08-29 03:26:17 UTC
Post by Angel L. Mateo
Post by Timo Sirainen
Aug 24 23:07:32 myotis28 dovecot: auth-worker(default): LDAP: Connection lost to LDAP server, reconnecting
I have seen in the mail list a patch for 1.2 (http://hg.dovecot.org/dovecot-1.2/rev/355d5a40f7a7) to ignore these logs when the disconnection is because of idle timeouts. As far as I could see in this patch and 2.0.13 source code, this patch is already applied in 2.0. So I guess that the disconnection is for other problem, isn't it?
I had completely forgotten I had added such a feature :) See what it logs with attached patch.
I have tried the patch. It confirms my hypothesis, the connection is
Aug 26 12:55:27 myotis31 dovecot: auth: Error: LDAP: Connection lost to
LDAP server, reconnecting (1 requests, 3603 idle secs)
Ah. So this is noticed only when Dovecot tries to use the LDAP
connection that has been disconnected.
Post by Angel L. Mateo
Is there any way to configure ldap connection with a keepalive, so I
don't need a reconnection?
Nope. But you could configure your LDAP server to idle-disconnect after
some amount of time.
Angel L. Mateo
2011-08-29 09:44:50 UTC
Post by Timo Sirainen
Post by Angel L. Mateo
Post by Timo Sirainen
Aug 24 23:07:32 myotis28 dovecot: auth-worker(default): LDAP: Connection lost to LDAP server, reconnecting
I have seen in the mail list a patch for 1.2 (http://hg.dovecot.org/dovecot-1.2/rev/355d5a40f7a7) to ignore these logs when the disconnection is because of idle timeouts. As far as I could see in this patch and 2.0.13 source code, this patch is already applied in 2.0. So I guess that the disconnection is for other problem, isn't it?
I had completely forgotten I had added such a feature :) See what it logs with attached patch.
I have tried the patch. It confirms my hypothesis, the connection is
Aug 26 12:55:27 myotis31 dovecot: auth: Error: LDAP: Connection lost to
LDAP server, reconnecting (1 requests, 3603 idle secs)
Ah. So this is noticed only when Dovecot tries to use the LDAP
connection that it's been disconnected.
Post by Angel L. Mateo
Is there any way to configure ldap connection with a keepalive, so I
don't need a reconnection?
Nope. But you could configure your LDAP server to idle-disconnect after
some amount of time.
I know it, but configuring LDAP server does not resolve the problem,
because the error (in fact it's just an informational message) still
appears.

I think the solution is to configure the dovecot auth_cache_ttl to a
value less than the idletimeout of the ldap server.
--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información _o)
y las Comunicaciones Aplicadas (ATICA) / \\
http://www.um.es/atica _(___V
Tfo: 868887590
Fax: 868888337
Timo Sirainen
2011-08-30 03:13:33 UTC
Post by Angel L. Mateo
Post by Timo Sirainen
Post by Angel L. Mateo
Is there any way to configure ldap connection with a keepalive, so I
don't need a reconnection?
Nope. But you could configure your LDAP server to idle-disconnect after
some amount of time.
I know it, but configuring LDAP server does not resolve the problem,
because the error (in fact it's just an informational message) still
appears.
Why? If LDAP server idle-disconnects after 61 seconds and before NAT
timeout then Dovecot doesn't log anything about it.
Angel L. Mateo
2011-08-30 06:38:49 UTC
Post by Timo Sirainen
Post by Angel L. Mateo
Post by Timo Sirainen
Post by Angel L. Mateo
Is there any way to configure ldap connection with a keepalive, so I
don't need a reconnection?
Nope. But you could configure your LDAP server to idle-disconnect after
some amount of time.
I know it, but configuring LDAP server does not resolve the problem,
because the error (in fact it's just an informational message) still
appears.
Why? If LDAP server idle-disconnects after 61 seconds and before NAT
timeout then Dovecot doesn't log anything about it.
I have tried this. My LDAP server closed the connection, but dovecot
logged the message. I guess that, for dovecot, it is the same situation: it
has to auth a user, but it hasn't got any active connection to the ldap
server.
--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información _o)
y las Comunicaciones Aplicadas (ATICA) / \\
http://www.um.es/atica _(___V
Tfo: 868887590
Fax: 868888337
Timo Sirainen
2011-08-30 09:41:26 UTC
Post by Timo Sirainen
Why? If LDAP server idle-disconnects after 61 seconds and before NAT
timeout then Dovecot doesn't log anything about it.
I have tried this. My LDAP server closed the connection, but dovecot logged the message. I guess that, for dovecot, is the same situation: it has to auth a user, but it hasn't got any active connection to the ldap server.
Yeah, that happens if the disconnection is noticed at the time when user is trying to authenticate. But if the disconnection is noticed immediately when there are no user requests, there is also no message logged about it.
Angel L. Mateo
2011-08-31 06:54:12 UTC
Post by Timo Sirainen
Yeah, that happens if the disconnection is noticed at the time when user is trying to authenticate. But if the disconnection is noticed immediately when there are no user requests, there is also no message logged about it.
So, there must be some problem, because when my load balancer expires
the connection it closes the tcp connection (it sends a FIN packet). I
guess that slapd does too. But I'll check this...
--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información _o)
y las Comunicaciones Aplicadas (ATICA) / \\
http://www.um.es/atica _(___V
Tfo: 868887590
Fax: 868888337
Angel L. Mateo
2011-08-31 10:31:25 UTC
Post by Timo Sirainen
Yeah, that happens if the disconnection is noticed at the time when
user is trying to authenticate. But if the disconnection is noticed
immediately when there are no user requests, there is also no message
logged about it.
So, there must be any problem, because when my load balancer expires the
connection it closes the tcp connection (it sends a fin packet). I guess
that slapd too. But I'll check this...
OK. You were right:

* When openldap closes the connection because of the idle timeout, it
sends a FIN packet. When dovecot needs the connections, it simply opens
a new connection (without any log message).

* When my load balancer closes the connection, it doesn't send anything,
so dovecot thinks the connection is active. So, when auth needs it, it
tries to send the search, then load balancer sends a RST packet, so
dovecot logs the message and opens a new connection.

So the solution is to configure the openldap idletimeout parameter, dovecot
auth_cache_ttl and the load balancer timeout in order to keep this last
timeout from being reached.
--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información _o)
y las Comunicaciones Aplicadas (ATICA) / \\
http://www.um.es/atica _(___V
Tfo: 868887590
Fax: 868888337
Angel L. Mateo
2011-08-31 10:51:31 UTC
Post by Angel L. Mateo
* When openldap closes the connection because of the idle timeout, it
sends a FIN packet. When dovecot needs the connections, it simply opens
a new connection (without any log message).
* When my load balancer closes the connection, it doesn't send anything,
so dovecot thinks the connection is active. So, when auth needs it, it
tries to send the search, then load balancer sends a RST packet, so
dovecot logs the message and opens a new connection.
So the solution is to configure oldap idletimeout parameter, dovecot
auth_cache_ttl and load balancer timeout in order to avoid this last
timeout to be reached.
In fact, you could configure dovecot auth_cache_ttl bigger than the
other, it doesn't apply. You need to configure it only if you don't want
the connection to be really closed. If you just want to not log any
message, configuring slapd timeout less than load balancer timeout is
enough.
--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información _o)
y las Comunicaciones Aplicadas (ATICA) / \\
http://www.um.es/atica _(___V
Tfo: 868887590
Fax: 868888337
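
Added example (not part of the thread and not Dovecot code): a small log triage script for the message discussed above. It separates reconnects explained by the load balancer's idle timeout from connection losses on a recently used connection, and checks whether slapd or the load balancer closes an idle connection first. The function names and the last two sample lines are constructed for illustration; the first two log lines are the ones quoted in the thread.

```python
import re
from collections import Counter

# Message format as quoted in the thread. The "(N requests, M idle secs)"
# suffix is only present once the diagnostic patch from the thread is applied.
LOST_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+\s\d\d:\d\d:\d\d)\s(?P<host>\S+)\sdovecot:\s"
    r"(?P<proc>auth(?:-worker\([^)]*\))?):\s(?:Error:\s)?"
    r"LDAP: Connection lost to LDAP server, reconnecting"
    r"(?:\s\((?P<requests>\d+) requests, (?P<idle>\d+) idle secs\))?\s*$"
)

SAMPLE_LOG = [
    # The two lines below are quoted from the thread.
    "Aug 24 23:07:32 myotis28 dovecot: auth-worker(default): LDAP: "
    "Connection lost to LDAP server, reconnecting",
    "Aug 26 12:55:27 myotis31 dovecot: auth: Error: LDAP: Connection lost to "
    "LDAP server, reconnecting (1 requests, 3603 idle secs)",
    # Constructed lines: a loss on a busy connection and an unrelated entry.
    "Aug 26 13:10:02 myotis31 dovecot: auth: Error: LDAP: Connection lost to "
    "LDAP server, reconnecting (4 requests, 12 idle secs)",
    "Aug 26 13:10:05 myotis31 dovecot: imap-login: Login: user=<constructed>",
]


def classify(line, lb_timeout):
    """Return a dict describing one 'Connection lost' line, or None.

    verdict is one of:
      idle-drop    idle time reached the load balancer timeout (benign)
      active-loss  connection was in recent use when it was lost (investigate)
      unknown      line has no idle counter (unpatched Dovecot)
    """
    m = LOST_RE.match(line)
    if m is None:
        return None
    idle = None if m["idle"] is None else int(m["idle"])
    requests = None if m["requests"] is None else int(m["requests"])
    if idle is None:
        verdict = "unknown"
    elif idle >= lb_timeout:
        verdict = "idle-drop"
    else:
        verdict = "active-loss"
    return {"ts": m["ts"], "host": m["host"], "proc": m["proc"],
            "requests": requests, "idle": idle, "verdict": verdict}


def summarize(lines, lb_timeout):
    """Count verdicts over a log, ignoring unrelated lines."""
    events = (classify(line, lb_timeout) for line in lines)
    return Counter(e["verdict"] for e in events if e is not None)


def close_order(slapd_idletimeout, lb_timeout):
    """Say which side closes an idle connection first.

    'server-first': slapd sends a FIN before the load balancer expires the
    connection, so Dovecot reconnects without logging anything.
    'lb-first': the load balancer drops the connection silently and Dovecot
    only finds out (RST, logged message) on the next request.
    slapd's idletimeout of 0 means the idle timeout is disabled.
    """
    if 0 < slapd_idletimeout < lb_timeout:
        return "server-first"
    return "lb-first"


if __name__ == "__main__":
    LB_TIMEOUT = 3600  # load balancer idle timeout stated in the thread
    for line in SAMPLE_LOG:
        event = classify(line, LB_TIMEOUT)
        if event:
            print(event["ts"], event["host"], event["verdict"], event["idle"])
    print(dict(summarize(SAMPLE_LOG, LB_TIMEOUT)))
    print(close_order(0, LB_TIMEOUT), close_order(3000, LB_TIMEOUT))
```
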