Dear all,
I am using LDAP as backend for Postfix for all email accounts. Any email coming to the server is checked against LDAP to check if email is valid, and deliver it accordingly. It works almost perfectly but I have a big problem that arise when receiving (or sending) too many emails at the same time.
It looks like slapd server is overwhelmed with too many requests at the same time, which makes postfix getting timeouts. On the postfix side hopefully it's only a "temporary lookup failure" but I want to correct that problem.
In the logs I get two kind of LDAP errors : a)
* postfix/trivial-rewrite: warning: dict_ldap_lookup: Search error -5: Timed out * postfix/trivial-rewrite: fatal: ldap:/etc/postfix/ldap-domains.cf(0,lock|fold_fix): table lookup problem
b)
* postfix/smtpd: warning: dict_ldap_connect: Unable to bind to server ldap://localhost:389 as cn=mailadmin, ou=mailservices, dc=domain, dc=ch: -5 (Timed out)
If someone had a suggestion on how to optimize the LDAP server to be able to cope with the demand coming from postfix it would be great !
Denis
On 18/1/2013 12:07 μμ, Denis BUCHER (lists) wrote:
It looks like slapd server is overwhelmed with too many requests at the same time, which makes postfix getting timeouts. On the postfix side hopefully it's only a "temporary lookup failure" but I want to correct that problem.
I would suggest you post to postfix mailing list, together with your "postconf -n" output, and provide details on OS used, Postfix, OpenLDAP versions.
Are you using proxy:ldap: on your postfix ldap lookup tables? (You should.)
On the OpenLDAP side: If you need tuning help, post here your OS, Openldap version details, configuration, backend configuration (if applicable), as well as the content of your openldap data directory.
If you can post stats info, that will be useful too. If you are using BDB/HDB:
(slapd_)db_stat -m (slapd_)db_stat -c
Cheers, Nick
Le 18.01.2013 14:38, Nick Milas a écrit :
It looks like slapd server is overwhelmed with too many requests at the same time, which makes postfix getting timeouts. On the postfix side hopefully it's only a "temporary lookup failure" but I want to correct that problem.
I would suggest you post to postfix mailing list, together with your "postconf -n" output, and provide details on OS used, Postfix, OpenLDAP versions.
Are you using proxy:ldap: on your postfix ldap lookup tables? (You should.)
On the OpenLDAP side: If you need tuning help, post here your OS, Openldap version details, configuration, backend configuration (if applicable), as well as the content of your openldap data directory.
If you can post stats info, that will be useful too. If you are using BDB/HDB:
(slapd_)db_stat -m (slapd_)db_stat -c
Cheers, Nick
Dear Nick,
Thanks a lot for your help ! But can you help me a little more on how to send all these informations (I am not an LDAP expert at all) :
* I don't even know if I'm using proxy:ldap ? My postfix config is : o virtual_mailbox_domains = ldap:/etc/postfix/ldap-domains.cf o virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf o virtual_mailbox_maps = ldap:/etc/postfix/ldap-accounts.cf * slapd_db_stat -m o slapd_db_stat: DB_ENV->open: No such file or directory * How can I show the "the content of your openldap data directory" ?
Sorry for these beginner questions !
By the way, some information to begin :
* # uname -a o Linux hostname 2.6.18-238.19.1.el5 #1 SMP Fri Jul 15 07:32:29 EDT 2011 i686 i686 i386 GNU/Linux * # cat /etc/redhat-release o CentOS release 5.6 (Final) * # slapd -V o @(#) $OpenLDAP: slapd 2.3.43 (Mar 30 2011 19:59:52) $ o mockbuild@builder10.centos.org:/builddir/build/BUILD/openldap-2.3.43/openldap-2.3.43/build-servers/servers/slapd
Thank a lot in advance for everything,
Denis
On 9/2/2013 9:11 μμ, Denis BUCHER (lists) wrote:
- I don't even know if I'm using proxy:ldap ? My postfix config is : o virtual_mailbox_domains = ldap:/etc/postfix/ldap-domains.cf o virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf o virtual_mailbox_maps = ldap:/etc/postfix/ldap-accounts.cf
You are not using "proxy:ldap:" if you have not specified so. Read: http://www.postfix.org/proxymap.8.html. This might help solving your problem.
It seems you are probably using an old Postfix version, if you are using the standard CentOS 5 Postfix version. You'd have to upgrade. What is your version?
- slapd_db_stat -m o slapd_db_stat: DB_ENV->open: No such file or directory
# cd /var/lib/ldap/ # cat DB_CONFIG # slapd_db_stat -m # slapd_db_stat -c
- How can I show the "the content of your openldap data directory" ?
# cd /var/lib/ldap/ # ls -la
- # slapd -V o @(#) $OpenLDAP: slapd 2.3.43 (Mar 30 2011 19:59:52) $
You are running a very old version of OpenLDAP. You should upgrade, esp. if you are using replication as well. Check: http://ltb-project.org/wiki/download#openldap
Post the above info as well as your OpenLDAP config. Nevertheless, you need to upgrade OpenLDAP.
Best regards, Nick
openldap-technical@openldap.org
-
Denis BUCHER (lists) -
Nick Milas