Re: ldap/ad lookup timeout errors

Mon, 03 Nov 2008 07:58:28 -0800 

Kammen van, Marco, Springer SBM NL wrote:

Dear All,
As of lately we are getting more and more ldap lookup timeouts during 
the day....
Nov 3 12:44:59 servername postfix/proxymap[31451]: warning: 
dict_ldap_lookup: Search error -5: Timed out
Nov  3 12:45:09 servername postfix/proxymap[28685]: warning:
dict_ldap_lookup: Search error -5: Timed out
Nov  3 12:45:09 servername postfix/proxymap[31449]: warning:
dict_ldap_lookup: Search error -5: Timed out
Nov  3 12:45:11 servername postfix/proxymap[22154]: warning:
dict_ldap_lookup: Search error -5: Timed out
Which go paired with the following: Transcript of session follows. 

Out: 220 mx1.springer.com ESMTP Postfix
In:  HELO psmtp.com
Out: 250 mx1.springer.com
In:  MAIL FROM:<some external email address>
Out: 250 2.1.0 Ok
In:  RCPT TO:<some internal email address>
Out: 451 4.3.0 <some internal email address>: Temporary lookup failure
In:  QUIT
Out: 221 2.0.0 Bye

The ldap part of the postfix config looks like this:

server_host = ldap://server1:3268, ldap://server2:3268
search_base = DC=domain,DC=com
query_filter =
(&(homeMTA=*)(!(objectclass=publicFolder))(!(objectClass=msExchDynamicDi
stributionList))(!(objectClass=Contact))(!(objectClass=group))(!(cn=Syst
emMailbox*))(|(mail=%s)(proxyAddresses=smtp:%s)))
domain = hash:/usr/local/postfix/etc/virtual_alias_domains
special_result_attribute = homeMTA, msExchResponsibleMTAServerBL
leaf_result_attribute = cn
result_format = relay:[%s.springer-sbm.com]
scope = sub
bind = yes
bind_dn = [EMAIL PROTECTED]
bind_pw = password
version = 3
timeout = 5

I can imagine that because of the increasing load, both DC's are getting
a bit too busy....

1. Would it be wise to increase the timeout value to say 10 seconds?
2. In the past we used a local LDAP DB to do lookups, and never had this
issue...
   Is there a formula somewhere to calculate when its wise to move back
to a local DB, instaid of doing network AD   lookups?

    
Thanks for any comments!


With Kind Regards,

 
-	

Marco van Kammen
Springer
System Manager & Postmaster
        
-       
Van Godewijckstraat 30 | 3311 GX

Office Number: 05E21 
P.O. Box 17 | 3300 AA

Dordrecht | The Netherlands     
tel      +31 (0) 78 657 6446    
fax      +31 (0) 78 657 6302    
[EMAIL PROTECTED]

www.springer.com <http://www.springer.com/>  
-	
  



Unless your users change very frequently, or you have millions of users, 
you might be better off to do an export to a hash: formatted postfix 
lookup table every day (or hour) and let postfix use that.



Aside from any performance issues, it removes a point of failure for 
your mail server, as well as prevents an attack on your mail server from 
bringing down your DCs.


Terry























					Reply via email to