[Dovecot] behavior of dovecot with Openldap

Masaharu Kawada mkawada at redhat.com
Tue Jan 20 06:53:09 EET 2009


Dear list,

Thank you very much for your quick answer.

This question is actually due to a phenomenon that the customer
got about a month ago. For the detail of the phenomenon, please
see below.

**********
-2008/11/16
The customer updated openldap package
openldap-2.2.13-6.4E ⇒ openldap-2.2.13-12.el4

-2008/12/22
A problem happened, which doesn't need to be investigated this time,
to the ldap server (server1), so that the ldap service on server1 was
temporarily stopped and restarted.

-2008/01/06
The customer realized that authorization requests by dovecot clients were
all failing, and to find the reason the customer did some investigation.
As a result, it was because dovecot accessed only the other
server (server2) to authorize, and server2 had not replicated any
data from server1 since 2008/11/16, which was shown by the replication
log on server2 (the last update was 2008/11/16). Server2 was
supposed to have the same data as server1, which had the latest data at
that time, by replication.
*********

For this reason, the customer wants to know why dovecot accessed only
server2 since the ldap package was updated on 2008/11/16 and also wants to
know why replication had been failing after updating the package.
However, since the customer is not able to provide enough information
about this phenomenon because of their security policy, the customer said
that all he wants to know this time is what the trigger is to switch to
another ldap server (between server1 and server2) and the way to specify
which ldap server to access from the client as he wants, if possible, or
the specification of dovecot for accessing ldap servers in case there
is more than one ldap server listed in the 'hosts=' field in
/etc/dovecot-ldap.conf

As you said, if both ldap servers are used randomly, it seems to be
unusual that authorization requests fail all the time; they should
at least be successful when authorizing by server1, since server1 has had no
problems after restarting the ldap service on 2008/12/22. Is there anything
else that might be helpful or useful to know about the specification of dovecot?

Thanks,




Timo Sirainen wrote:
> On Jan 19, 2009, at 3:04 AM, Masaharu Kawada wrote:
>
>   
>> In /etc/dovecot-ldap.conf, the 'hosts=' field is the one which can be used
>> to specify the available ldap servers to access from the clients to authorize.
>> Also, several ldap servers can be specified in the 'hosts =' field as shown
>> below.
>>
>> hosts = ldap-server1.example.com ldap-server2.example.com
>>     
>
> Dovecot simply passes these servers to the OpenLDAP library. It  
> doesn't do anything with them itself.
>
>   
>> ※Both servers have the same configuration and are available for replication,
>> ldap-server1 (master) to ldap-server2 (slave).
>>
>> If this is right, how does dovecot know which ldap server is  
>> currently used?
>> and if the master dies, how does dovecot know and switch to slave one?
>>     
>
> I'm pretty sure that configuration will simply use both the servers  
> all the time more or less randomly. Unless OpenLDAP library has some  
> code that does something similar to what you're talking about, but  
> somehow I doubt that.
>
>   


-- 
-------------------
Masaharu Kawada
Associate Global Support Engineer
Red Hat K K
Ebisu Neonato 8F
1-18 Ebisu 4-chome, Shibuya-ku
Tokyo 150-0013, Japan
Direct: +81-3-5798-8482


