timo, i think i found a small problem with the ldap implementation:

when using auth_bind (this might be in all conditions, not just that one - i haven't tested further), if the server lost connection to the ldap server (i.e., the ldap server died), dovecot-auth would never reconnect to the ldap server and all subsequent auth attempts would fail. after a little more digging, i discovered that if the ldap server went down and came back up before the next dovecot request then everything would be fine. however, if a request came in while the ldap server was down then dovecot-auth would "cache" that the server was unavailable and never recheck it.

i believe i tracked it down to a couple lines in db_ldap_bind and fixed it - dovecot-auth is reconnecting to ldap in the condition where it was not previously:

--- dovecot-1.0.3/src/auth/db-ldap.c    2007-10-15 18:26:55.983349000 +0000
+++ dovecot-1.0.3/src/auth/db-ldap.c.new 2007-10-15 18:28:03.124136000 +0000
@@ -446,7 +446,10 @@
       msgid = ldap_bind(conn->ld, conn->set.dn, conn->set.dnpass,
                         LDAP_AUTH_SIMPLE);
       if (msgid == -1) {
-               db_ldap_connect_finish(conn, ldap_get_errno(conn));
+ if (db_ldap_connect_finish(conn, ldap_get_errno(conn)) < 0) {
+      /* lost connection, close it */
+      ldap_conn_close(conn, TRUE);
+    }
               i_free(ldap_request);
               return -1;
       }
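Review bot: In the msgid == -1 branch, the comment says "lost connection, close it", but the added condition fires on any negative return from db_ldap_connect_finish(), so either narrow the check to the connection-loss case or reword the comment to say the connection is closed on every failed finish. The three added lines are indented by one, six and four spaces, while the removed line and the surrounding context share one indent level; re-indent them to match the file. It would also help to state in the comment what the TRUE argument to ldap_conn_close() selects, since the hunk does not show it and it determines whether a later request can reconnect.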
