After installing courier-authlib-0.57-r2, I've had lots of warning (everytime someone connect to courier) like the following: Jan 17 10:20:53 speaky authdaemond: nss_ldap: reconnecting to LDAP server... Jan 17 10:20:53 speaky authdaemond: nss_ldap: reconnected to LDAP server after 1 attempt(s) With courier-authlib-0.57-r1, I didn't have any. So it seems related to bug 113074. I downgraded back to 0.57-r1 and indeed the logs stopped. Now I upgraded to 0.58 and the warnings are back. With something like 30 users checking their emails every minute or so, this is a lot of log spewed in syslog. As the bug 113074 offered, I activated DEBUG_LOGIN=1 and ran a test as specified in README.authdebug.html. The syslog showed the following: Jan 17 10:30:38 speaky authdaemond: stopping authdaemond children Jan 17 10:30:39 speaky authdaemond: modules="authpam ", daemons=2 Jan 17 10:30:39 speaky authdaemond: Installing libauthpam Jan 17 10:30:39 speaky authdaemond: Installation complete: authpam Jan 17 10:31:05 speaky authdaemond: received auth request, service=imap, authtype=login Jan 17 10:31:05 speaky authdaemond: authpam: trying this module Jan 17 10:31:05 speaky authdaemond: authpam: sysusername=jehan, sysuserid=<null>, sysgroupid=100, homedir=/home/jehan, address=jehan, fullname=Jehan Bing, maildir=<null>, quota=<null>, options=<null> Jan 17 10:31:05 speaky authdaemond: pam_service=imap, pam_username=jehan Jan 17 10:31:05 speaky authdaemond: dopam successful Jan 17 10:31:05 speaky authdaemond: Authenticated: sysusername=jehan, sysuserid=<null>, sysgroupid=100, homedir=/home/jehan, address=jehan, fullname=Jehan Bing, maildir=<null>, quota=<null>, options=<null> Jan 17 10:31:05 speaky imapd-ssl: LOGIN, user=jehan, ip=[127.0.0.1], protocol=IMAP Jan 17 10:31:11 speaky imapd-ssl: LOGOUT, user=jehan, ip=[127.0.0.1], headers=0, body=0, time=6, starttls=1 There doesn't seem to be anything special
do you use 'bindpolicy soft'? if so, remove it. Also, look at your nss_ldap.conf and ldap configuration to see what your timeout stuff is.
I never set the bind_policy. It is commented out as in the default conf file that comes with the nss_ldap package. Same thing for the timeout/timelimit stuff.
Ok, the main question is why nss_ldap keeps disconnecting and reconnecting. Is your nscd enabled, it should be. What version of nss_ldap are you using?
I'm using nss_ldap-239-r1. I had trouble restarting slapd on another server after switching to 249 so I didn't upgrade yet. nscd was not running. I never needed it. After activating it, Courier still displays those warning messages. Other services use nss_ldap without problems even without nscd. MySQL, Apache, Samba, Vixie-cron, ... all use nss_ldap just fine. Courier was also fine before the update. SSH is the only other service that show the warnings. I don't know if you read bug 113074 or even if it can help but I started to get the warnings after the patch on that bug was applied.
same error here ... only with courier-authlib even ... it seems courier-authlib doesn't know how to create a persistent connection...
CCing myself as courier-authlib maintainer, also please try out courier-authlib-0.59.2, maybe that one fixes your issues, I myself don't use LDAP stuff at all. Best regards, CHTEKK.
Actually, I don't see the error anymore (looking at the logs of the past 5 weeks). It may have been fixed with all the changes in nss_ldap-253
