--On Wednesday, May 02, 2012 8:17 AM -0700 Quanah Gibson-Mount
<quanah_at_zimbra.com> wrote:
>>> SigningTable ldap://192.0.2.1/""?DKIMSelector?sub?(DKIMIdentity =$d)
>>> ldap://192.0.2.2/""?DKIMSelector?sub?(DKIMIdentity=$d)
>>
>> The first one.
>
> Perfect, thanks!

Unfortunately, LDAP failover in OpenDKIM doesn't actually appear to work.
This morning I got the following error in syslog:

May 8 08:13:46 edge01-zcs opendkim[9749]: error looking up "quanah_at_zimbra.com" in database: Can't contact LDAP server
May 8 08:13:46 edge01-zcs opendkim[9749]: 0E7FA14D: error reading signing table

There are two problems with this message appearing:

a) The LDAP server it was talking to was never down (I filed SourceForge
bug #3524756 on this)

and

b) OpenDKIM failed to fail over to the other two LDAP servers configured in
its pool:

SigningTable
ldap://ldap01-zcs.vmware.com:389/?DKIMSelector?sub?(DKIMIdentity=$d)
ldap://ldap02-zcs.vmware.com:389/?DKIMSelector?sub?(DKIMIdentity=$d)
ldap://dogfood.zimbra.com:389/?DKIMSelector?sub?(DKIMIdentity=$d)
KeyTable
ldap://ldap01-zcs.vmware.com:389/?DKIMDomain,DKIMSelector,DKIMKey,?sub?(DKIMSelector=$d)
ldap://ldap02-zcs.vmware.com:389/?DKIMDomain,DKIMSelector,DKIMKey,?sub?(DKIMSelector=$d)
ldap://dogfood.zimbra.com:389/?DKIMDomain,DKIMSelector,DKIMKey,?sub?(DKIMSelector=$d)

Murray, is (b) the issue we were recently discussing?

Is there a target release where LDAP failover will be working correctly?

Thanks!

--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
Received on Tue May 08 2012 - 17:03:07 PST