Hi,
We are using dovecot 1.1.11 on Solaris 10u6. Under load, we are
experiencing the following errors:
Jun 4 18:30:59 ug1s02-zone1 dovecot: [ID 107833 mail.error]
auth(default): ldap(0202934816 at ug.smilecoms.com,10.31.3.13):
ldap_search() failed (filter (uid=0202934816 at ug.smilecoms.com)): Server
is busy
We are authenticating against sun directory server yet see no errors in
the directory server and it seems to be under low load. Any ideas if
there is something on dovecot we should tune to erradicate this? We are
running a web front end on top of dovecot and hence have a lot of
login/logout happening as the user navigates around.
I have included our config below:
dovecot.conf:
base_dir = /opt/csw/var/run/dovecot/
protocols = imap pop3
listen = *
disable_plaintext_auth = no
shutdown_clients = yes
log_timestamp = "%b %d %H:%M:%S "
syslog_facility = mail
ssl_listen =
ssl_disable = yes
login_dir = /opt/csw/var/run/dovecot/login
login_chroot = yes
login_user = dovecot
login_process_size = 128
login_process_per_connection = no
login_processes_count = 3
login_max_processes_count = 128
login_max_connections = 256
login_greeting = Dovecot ready.
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
login_log_format = %$: %s
mail_location = maildir:/sapool1/mail/%3n/%3.3n/%6.3n/%u
mail_full_filesystem_access = yes
mail_debug = no
fsync_disable = yes
first_valid_uid = 101
mail_save_crlf = yes
mbox_dirty_syncs = yes
protocol imap {
login_executable = /opt/csw/libexec/dovecot/imap-login
mail_executable = /opt/csw/libexec/dovecot/imap
login_greeting_capability = no
imap_client_workarounds = outlook-idle
}
protocol pop3 {
login_executable = /opt/csw/libexec/dovecot/pop3-login
mail_executable = /opt/csw/libexec/dovecot/pop3
pop3_no_flag_updates = no
pop3_enable_last = no
pop3_reuse_xuidl = no
pop3_lock_session = no
pop3_uidl_format = %v-%u
pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
}
protocol lda {
postmaster_address = postmaster at example.com
hostname = sol10-dev.dutoit.net
}
auth_anonymous_username = anonymous
auth_verbose = no
auth_debug = no
auth_debug_passwords = no
auth_worker_max_count = 30
auth default {
mechanisms = plain
passdb ldap {
args = /opt/csw/etc/dovecot-ldap.conf
}
userdb static {
args = uid=exim gid=mail home=/sapool1/mail/%u
}
user = root
count = 1
ssl_require_client_cert = no
ssl_username_from_cert = no
socket listen {
master {
path = /opt/csw/var/run/dovecot/auth-master
mode = 0600
user = root
group = root
}
}
}
dict {
}
plugin {
}
dovecot-ldap.conf:
hosts = ldap1.it.ug.smilecoms.com:389
dn = cn=Directory Manager
dnpass = blahblah
sasl_bind = no
tls = no
ldap_version = 3
base = dc=smilecoms,dc=com
deref = never
scope = subtree
user_filter = (uid=%u)
pass_attrs = uid=user,PIN=password
pass_filter = (uid=%u)
default_pass_scheme = PLAIN
Thanks so much!
Paul
On Thu, 2009-06-04 at 22:23 +0200, Paul Carter-Brown wrote:> We are using dovecot 1.1.11 on Solaris 10u6. Under load, we are > experiencing the following errors: > > Jun 4 18:30:59 ug1s02-zone1 dovecot: [ID 107833 mail.error] > auth(default): ldap(0202934816 at ug.smilecoms.com,10.31.3.13): > ldap_search() failed (filter (uid=0202934816 at ug.smilecoms.com)): Server > is busyThis error message is returned by LDAP server. See if there is any configuration related to this on server side.> We are authenticating against sun directory server yet see no errors in > the directory server and it seems to be under low load. Any ideas if > there is something on dovecot we should tune to erradicate this?You could try if increasing auth process count helps (but that could also break startup in some setups): auth default { .. count = 5 } -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20090604/8650f13f/attachment-0002.bin>
On Thu, 2009-06-04 at 22:23 +0200, Paul Carter-Brown wrote:> Jun 4 18:30:59 ug1s02-zone1 dovecot: [ID 107833 mail.error] > auth(default): ldap(0202934816 at ug.smilecoms.com,10.31.3.13): > ldap_search() failed (filter (uid=0202934816 at ug.smilecoms.com)): Server > is busy > > We are authenticating against sun directory server yet see no errors in > the directory server and it seems to be under low load. Any ideas if > there is something on dovecot we should tune to erradicate this? We are > running a web front end on top of dovecot and hence have a lot of > login/logout happening as the user navigates around.Oh, and enabling auth cache would probably solve this too, since most auths wouldn't go to LDAP then. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20090604/4fbf363b/attachment-0002.bin>
Thanks Timo, Dovecot would not boot without count=1 but i did change the settings to cache authentications and we cant reproduce the error any more. Thanks for your help! Paul -----Original Message----- From: Timo Sirainen <tss at iki.fi> To: Paul Carter-Brown <paul.carter-brown at smilecoms.com> Cc: dovecot at dovecot.org Subject: Re: [Dovecot] ldap_search() failed "Server Busy" Date: Thu, 04 Jun 2009 17:56:35 -0400 On Thu, 2009-06-04 at 22:23 +0200, Paul Carter-Brown wrote:> Jun 4 18:30:59 ug1s02-zone1 dovecot: [ID 107833 mail.error] > auth(default): ldap(0202934816 at ug.smilecoms.com,10.31.3.13): > ldap_search() failed (filter (uid=0202934816 at ug.smilecoms.com)): Server > is busy > > We are authenticating against sun directory server yet see no errors in > the directory server and it seems to be under low load. Any ideas if > there is something on dovecot we should tune to erradicate this? We are > running a web front end on top of dovecot and hence have a lot of > login/logout happening as the user navigates around.Oh, and enabling auth cache would probably solve this too, since most auths wouldn't go to LDAP then.