Re: Failover for ldapdb doesn't work when packets are dropped by iptables

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On 05/15/17 16:45 +0200, Sebastian Hagedorn wrote:
--On 15. Mai 2017 um 08:38:09 -0500 Dan White <dwhite@xxxxxxx> wrote:

On 05/15/17 14:30 +0200, Sebastian Hagedorn wrote:
we're trying to move from auxprop sasldb to ldapdb. Everything is
working fine with both cyrus-imapd and sendmail. Even failover seems
to be working (with multiple entries for ldapdb_uri), but only if the
client gets a reject of some sort. Initially I tried to simulate the
failure of the primary LDAP server with an iptables rule that dropped
the packets. That led to a 30 second timeout and no failover taking

You can limit the network timeout functionality of the ldapdb plugin using
the ldapdb_rc sasl option:

See ldap.conf(5) and it's TIMEOUT/TIMELIMIT options.

Thanks, but that doesn't seem to work either. I added the following line to Sendmail.conf:

ldapdb_rc: /etc/sasl2/ldap.rc

$ cat /etc/sasl2/ldap.rc

I restarted sendmail, but I still get the 30 second timeout.

Note from the manpage:

"The LDAPRC, if defined, should be the basename of a file in the current
working directory or in the user's home directory."

Alternatively, you could define the options in your global ldap.conf.

Dan White

[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux