Hi list,

we had a lot of trouble with our Dovecot replicating-cluster installation authenticating against an LDAP service.

We ran into a timeout, and what happened was that we got more and more search requests running against our LDAP server.

And on the Dovecot side the process got killed after a couple of seconds. So we ran into a race condition and our LDAP server was under heavy load.

We got a log entry like this: "Initial status notification not received in 30 seconds, killing the process"

So we had to apply the attached patch to our source-based Dovecot cluster.

Could you please make a configurable parameter for our patched value?

That would be great to get this parameter configurable.

Thanks
Andre Helwig

--
Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin
http://www.heinlein-support.de
Tel: 030 / 405051-0
Fax: 030 / 405051-19
Mandatory disclosures per §35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Managing Director: Peer Heinlein -- Registered office: Berlin

-------------- next part --------------
A non-text attachment was scrubbed...
Name: increase_master_timeout.patch
Type: text/x-patch
Size: 461 bytes
Desc: not available
URL: <http://dovecot.org/pipermail/dovecot/attachments/20150316/205f13d8/attachment-0001.bin>

On 16 Mar 2015, at 19:24, Andre Helwig <a.helwig at heinlein-support.de> wrote:
>
> Hi list,
> we had a lot of trouble with our Dovecot replicating-cluster
> installation authenticating against an LDAP service.
>
> We ran into a timeout, and what happened was that we got more and more
> search requests running against our LDAP server.
>
> And on the Dovecot side the process got killed after a couple of
> seconds. So we ran into a race condition and our LDAP server was under
> heavy load.
> We got a log entry like this: "Initial status notification not received
> in 30 seconds, killing the process"

What process? auth process?

> So we had to apply the attached patch to our source-based Dovecot cluster.
>
> Could you please make a configurable parameter for our patched value?
>
> That would be great to get this parameter configurable.

That's the wrong solution though. A process initialization is supposed to take less than a second always. If something like LDAP initialization is taking minutes, this waiting should be done after the process initialization has finished.

I thought the LDAP initialization code was asynchronous though, unless you're using sasl_bind=yes or tls=yes?

On 16 Mar 2015, at 22:36, Timo Sirainen <tss at iki.fi> wrote:
>
>> So we had to apply the attached patch to our source-based Dovecot cluster.
>>
>> Could you please make a configurable parameter for our patched value?
>>
>> That would be great to get this parameter configurable.
>
> That's the wrong solution though. A process initialization is supposed to take less than a second always. If something like LDAP initialization is taking minutes, this waiting should be done after the process initialization has finished.
>
> I thought the LDAP initialization code was asynchronous though, unless you're using sasl_bind=yes or tls=yes?

http://hg.dovecot.org/dovecot-2.2/rev/0a17875f0ece should help with this. I did a bunch of other cleanup commits also, which are more or less required to avoid invalid errors from rapidly recreating auth processes that just die immediately.
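
The failure mode discussed in this thread, as an added example that is not part of the original messages and is not Dovecot code: a small tick-based model of a supervisor that kills a worker whose initial status notification is late, compared with a worker that sends its status first and waits for the backend afterwards. The function name, the 120-second backend latency, the immediate respawn and the assumption that the backend keeps serving requests from killed workers are all constructed for this model.

```python
KILL_AFTER = 30  # seconds, from the log line quoted in the thread


def simulate(backend_latency, duration, notify_first, kill_after=KILL_AFTER):
    """Tick-based model of a supervisor and one worker slot.

    Returns (kills, peak_in_flight, ready_at).
    Assumptions of this model (constructed, not taken from Dovecot):
      - a worker sends one backend (LDAP) request as soon as it is spawned;
      - the backend keeps serving that request for `backend_latency` seconds
        even if the worker that sent it has been killed;
      - a killed worker is respawned in the same second.
    notify_first=False: status is sent only after the backend answered.
    notify_first=True:  status is sent at once, the backend wait comes later.
    """
    kills, peak, ready_at = 0, 0, None
    spawned = 0
    in_flight = [backend_latency]  # finish times of requests still being served
    for now in range(duration + 1):
        in_flight = [t for t in in_flight if t > now]
        done = now >= spawned + backend_latency
        if done and ready_at is None:
            ready_at = now
        notified = notify_first or done
        if not notified and now - spawned >= kill_after:
            kills += 1
            spawned = now
            in_flight.append(now + backend_latency)
        peak = max(peak, len(in_flight))
    return kills, peak, ready_at


if __name__ == "__main__":
    # Constructed input: a backend that needs 120 s, observed for 300 s.
    for label, args in [
        ("blocking init, 30 s limit", (120, 300, False)),
        ("blocking init, limit raised to 150 s", (120, 300, False, 150)),
        ("status first, backend wait afterwards", (120, 300, True)),
    ]:
        kills, peak, ready_at = simulate(*args)
        print(f"{label}: kills={kills} peak_in_flight={peak} ready_at={ready_at}")
```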