Failover for ldapdb doesn't work when packets are dropped by iptables

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



we're trying to move from auxprop sasldb to ldapdb. Everything is working fine with both cyrus-imapd and sendmail. Even failover seems to be working (with multiple entries for ldapdb_uri), but only if the client gets a reject of some sort. Initially I tried to simulate the failure of the primary LDAP server with an iptables rule that dropped the packets. That led to a 30 second timeout and no failover taking place:

<~  334 xxx
~> xxx
<~* Timeout (30 secs) waiting for server response
*** No authentication type succeeded

Only when I changed the DROP to a REJECT in the iptables rule did the failover work as expected. I realize that a server that's down usually behaves like a REJECT rule, but I still would think that there should be a configurable timeout after which a failover takes place in the DROP scenario as well. In my 15+ years as a sysadmin there have been several occasions where servers were nominally running but didn't reply anymore, which would be just like that scenario.

Thoughts? Am I overlooking something?

   .:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
                .:.Regionales Rechenzentrum (RRZK).:.
  .:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.

Attachment: pgp8uLM9K7KK8.pgp
Description: PGP signature

[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux