Hello Sam

I have just tested this patch and it works amazingly well. Here is the log from the authdaemon log after an LDAP server restart:

May 25 11:42:21 mail authdaemond: ldap_search_ext_s failed: Can't contact LDAP server
May 25 11:42:21 mail authdaemond: ldap_start_tls_s failed: Can't contact LDAP server
May 25 11:42:21 mail authdaemond: authdaemond: search.c:95: ldap_pvt_search: Assertion `ld != ((void *)0)' failed.
May 25 11:42:21 mail authdaemond: stopping authdaemond children
May 25 11:42:21 mail imapd-ssl: LOGIN FAILED, user=
May 25 11:42:21 mail imapd-ssl: authentication error: Input/output error
May 25 11:42:21 mail authdaemond: restarting authdaemond children
May 25 11:42:21 mail authdaemond: modules="authldap", daemons=14
May 25 11:42:21 mail authdaemond: Uninstalling authldap
May 25 11:42:21 mail authdaemond: Installing libauthldap
May 25 11:42:21 mail authdaemond: Installation complete: authldap


After that, all LOGIN requests are handled properly again :)
Thank you again for the really very quick reaction.
Is there any chance that this patch can be included in the main code?
Thank you

michal

On 24.5.2018 at 3:34, Sam Varshavchik wrote:
Michal Bruncko writes:

Once authlib receives the RST, it reestablishes a new connection. But in case there are many authlib daemons in place, it takes a really long time to get all those connections reestablished, as all of them are used for many auth requests coming either from imap or maildrop.

So maybe yes, in the end (after XYZ minutes) all daemons will get their connections reestablished, but meanwhile the majority of users will be unable to use this service.

Ok, so authldap will reconnect on its own, maybe not immediately, but it will reconnect, so this is only a temporary problem.

It's simply not possible to have 100% recoverability for client/server connectivity issues. I'm sure you understand that authldap, for example, does not send and receive raw packets directly. It uses the high-level API from the OpenLDAP library; so packet-level diagnosis is of very limited benefit here.

It's possible to try to automatically disconnect and reconnect and try again in case of an LDAP lookup failure. You can try to see if the following patch will give better results; but it's not clear to me whether the following will try to reestablish the connection only in the case of a connection-level problem, or all LDAP errors, such as failed lookups.

diff --git a/courier-authlib/authldaplib.cpp b/courier-authlib/authldaplib.cpp
index f2009cd..6390b8d 100644
--- a/courier-authlib/authldaplib.cpp
+++ b/courier-authlib/authldaplib.cpp
@@ -87,6 +87,14 @@ public:
        cred.bv_len=buffer.size();
        cred.bv_val=&buffer[0];

+        if (ok("ldap_sasl_bind_s",
+               ldap_sasl_bind_s(connection, userid.c_str(),
+                    NULL, &cred,
+                    NULL, NULL, NULL)))
+            return true;
+
+        disconnect();
+        connect();
        return ok("ldap_sasl_bind_s",
              ldap_sasl_bind_s(connection, userid.c_str(),
                       NULL, &cred,
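
Review bot: The retry added ahead of the final "return ok("ldap_sasl_bind_s", ..." runs whenever ok() reports a failure, and nothing in the hunk restricts that to a lost connection. If ok() is also false for a rejected password, every bad login costs a disconnect(), a connect() and a second bind with the same credentials against the directory. Consider keeping the result code of the first ldap_sasl_bind_s and retrying only when it indicates a connection-level failure such as LDAP_SERVER_DOWN, returning false straight away otherwise. Nothing checks that connect() succeeded before "connection" is passed to the second ldap_sasl_bind_s either, so that call should be guarded.
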
@@ -630,6 +638,22 @@ public:
                           100, &ptr)))
        {
            ptr=NULL;
+            conn.disconnect();
+            conn.connect();
+
+            if (!conn.ok("ldap_search_ext_s",
+                     ldap_search_ext_s(conn.connection,
+                               basedn.c_str(),
+                               LDAP_SCOPE_SUBTREE,
+                               query.c_str(),
+                               search_attributes(),
+                               0,
+                               NULL, NULL,
+                               &timeout_copy,
+                               100, &ptr)))
+            {
+                ptr=NULL;
+            }
        }
    }
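
Review bot: After "conn.connect();" in the retry branch, nothing checks that the reconnect succeeded before conn.connection is handed to the second ldap_search_ext_s. The log quoted earlier in this thread shows "ldap_start_tls_s failed" followed by the assertion "ld != ((void *)0)" in ldap_pvt_search and a restart of the authdaemond children, which is consistent with a search being issued on a null handle while the server was still unreachable. Skip the second search and leave ptr NULL when the reconnect fails, so recovery does not depend on the process aborting. The retried call also repeats the full argument list of the first one; a small helper or a two-pass loop would keep the two calls from drifting apart.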




_______________________________________________
Courier-imap mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
