Failover for ldapdb doesn't work when packets are dropped by iptables

Sebastian Hagedorn Hagedorn at uni-koeln.de
Mon May 15 11:30:12 EDT 2017


--On 15 May 2017 at 10:14:22 -0500 Dan White <dwhite at olp.net> wrote:

> On 05/15/17 16:45 +0200, Sebastian Hagedorn wrote:
>> --On 15 May 2017 at 08:38:09 -0500 Dan White <dwhite at olp.net> wrote:
>>
>>> On 05/15/17 14:30 +0200, Sebastian Hagedorn wrote:
>>>> we're trying to move from auxprop sasldb to ldapdb. Everything is
>>>> working fine with both cyrus-imapd and sendmail. Even failover seems
>>>> to be working (with multiple entries for ldapdb_uri), but only if the
>>>> client gets a reject of some sort. Initially I tried to simulate the
>>>> failure of the primary LDAP server with an iptables rule that dropped
>>>> the packets. That led to a 30 second timeout and no failover taking
>>>> place:
>>>
>>> You can limit the network timeout functionality of the ldapdb plugin
>>> using the ldapdb_rc sasl option:
>>>
>>> http://www.sendmail.org/~ca/email/cyrus2/options.html
>>>
>>> See ldap.conf(5) and its TIMEOUT/TIMELIMIT options.
>>
>> Thanks, but that doesn't seem to work either. I added the following
>> line to Sendmail.conf:
>>
>> ldapdb_rc: /etc/sasl2/ldap.rc
>>
>> $ cat /etc/sasl2/ldap.rc
>> TIMEOUT 2
>> TIMELIMIT 2
>> NETWORK_TIMEOUT 2
>>
>> I restarted sendmail, but I still get the 30 second timeout.
>
> Note from the manpage:
>
> "The LDAPRC, if defined, should be the basename of a file in the current
> working directory or in the user's home directory."
>
> Alternatively, you could define the options in your global ldap.conf.

Thanks again. That did the trick!
-- 
    .:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
                 .:.Regionales Rechenzentrum (RRZK).:.
   .:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.
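
An added example, not part of the original posts: a small Python check of the two points the thread turns on, namely that the LDAPRC value is a basename as the quoted manpage sentence requires, and that TIMEOUT, TIMELIMIT and NETWORK_TIMEOUT are actually set in the file. The names parse_ldap_conf and audit are hypothetical; the sample file body is the one quoted in the thread.

```python
import os

# Timeout options named in the thread; ldap.conf(5) keywords are case-insensitive.
TIMEOUT_OPTIONS = ("TIMEOUT", "TIMELIMIT", "NETWORK_TIMEOUT")

# The ldap.rc contents quoted in the thread.
THREAD_RC = "TIMEOUT 2\nTIMELIMIT 2\nNETWORK_TIMEOUT 2\n"


def parse_ldap_conf(text):
    """Return {OPTION: value} for an ldap.conf/ldaprc body; the last setting wins."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # blank line or comment
            continue
        parts = line.split(None, 1)
        options[parts[0].upper()] = parts[1] if len(parts) > 1 else ""
    return options


def audit(ldaprc_value, conf_text):
    """Hypothetical check: list problems with an LDAPRC value and its file body."""
    findings = []
    if os.path.basename(ldaprc_value) != ldaprc_value:
        findings.append("LDAPRC %r is a path, not a basename" % ldaprc_value)
    options = parse_ldap_conf(conf_text)
    for name in TIMEOUT_OPTIONS:
        value = options.get(name)
        if value is None:
            findings.append("%s is not set" % name)
        elif not value.isdigit() or int(value) == 0:
            findings.append("%s is not a positive number of seconds: %r" % (name, value))
    return findings


if __name__ == "__main__":
    # The setup from the thread, then the same options under a basename.
    for rc in ("/etc/sasl2/ldap.rc", "ldaprc"):
        print(rc, "->", audit(rc, THREAD_RC) or "ok")
```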