Re: Failover for ldapdb doesn't work when packets are dropped by iptables


 



--On 15 May 2017 at 08:38:09 -0500 Dan White <dwhite@xxxxxxx> wrote:

On 05/15/17 14:30 +0200, Sebastian Hagedorn wrote:
we're trying to move from auxprop sasldb to ldapdb. Everything is
working fine with both cyrus-imapd and sendmail. Even failover seems
to be working (with multiple entries for ldapdb_uri), but only if the
client gets a reject of some sort. Initially I tried to simulate the
failure of the primary LDAP server with an iptables rule that dropped
the packets. That led to a 30 second timeout and no failover taking
place:

~> AUTH DIGEST-MD5
<~  334 xxx
~> xxx
<~* Timeout (30 secs) waiting for server response
*** No authentication type succeeded

Only when I changed the DROP to a REJECT in the iptables rule did the
failover work as expected. I realize that a server that's down usually
behaves like a REJECT rule, but I still would think that there should
be a configurable timeout after which a failover takes place in the
DROP scenario as well. In my 15+ years as a sysadmin there have been
several occasions where servers were nominally running but didn't
reply anymore, which would be just like that scenario.

You can limit the network timeout functionality of the ldapdb plugin using
the ldapdb_rc sasl option:

http://www.sendmail.org/~ca/email/cyrus2/options.html

See ldap.conf(5) and its TIMEOUT/TIMELIMIT options.

Thanks, but that doesn't seem to work either. I added the following line to Sendmail.conf:

ldapdb_rc: /etc/sasl2/ldap.rc

$ cat /etc/sasl2/ldap.rc
TIMEOUT 2
TIMELIMIT 2
NETWORK_TIMEOUT 2

I restarted sendmail, but I still get the 30 second timeout.
--
   .:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
                .:.Regionales Rechenzentrum (RRZK).:.
  .:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.

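
Added example, not part of the original thread and not code from Cyrus SASL or OpenLDAP: a plain-socket sketch of the behaviour discussed above, where a refused connection (the REJECT case) fails over immediately while a server that never answers (the DROP-like case) only fails over once a per-attempt deadline expires. The function names, the ping/pong exchange and the local listeners are constructed for illustration; the silent listener stands in for the unresponsive primary.

```python
import socket
import threading
import time

def try_servers(servers, timeout):
    """Try each (host, port) in order; return (index that answered, log)."""
    log = []
    for i, addr in enumerate(servers):
        start = time.monotonic()
        try:
            # The timeout bounds the connect and every later send/recv.
            with socket.create_connection(addr, timeout=timeout) as s:
                s.sendall(b"ping\n")
                outcome = "ok" if s.recv(16) else "closed"
        except ConnectionRefusedError:
            outcome = "refused"   # REJECT-like: the error arrives at once
        except socket.timeout:
            outcome = "timeout"   # DROP-like: only the deadline ends the wait
        log.append((i, outcome, time.monotonic() - start))
        if outcome == "ok":
            return i, log
    return None, log

def _listener():
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    return s

def demo(timeout=0.5):
    """Constructed setup: silent primary, closed secondary, answering third."""
    silent, good, closed = _listener(), _listener(), _listener()
    def serve():
        conn, _ = good.accept()
        with conn:
            conn.recv(16)
            conn.sendall(b"pong\n")
    threading.Thread(target=serve, daemon=True).start()
    closed_addr = closed.getsockname()
    closed.close()  # nothing listens on this port any more
    try:
        return try_servers([silent.getsockname(), closed_addr, good.getsockname()], timeout)
    finally:
        silent.close()
        good.close()

if __name__ == "__main__":
    print(demo())
```

The log records how long each attempt took, which makes the difference visible: the silent server costs the full deadline, the closed port costs almost nothing.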

