RE: SigningTable and LDAP

From: Murray S. Kucherawy <msk_at_cloudmark.com>
Date: Tue, 8 May 2012 17:30:48 +0000

> -----Original Message-----
> From: Quanah Gibson-Mount [mailto:quanah_at_zimbra.com]
> Sent: Tuesday, May 08, 2012 9:14 AM
> To: Murray S. Kucherawy; opendkim-users_at_lists.opendkim.org
> Subject: RE: SigningTable and LDAP
>
> Unfortunately, LDAP failover in OpenDKIM doesn't actually appear to work.
> This morning I got the following error in syslog:
>
> May 8 08:13:46 edge01-zcs opendkim[9749]: error looking up
> "quanah_at_zimbra.com" in database: Can't contact LDAP server May 8
> 08:13:46 edge01-zcs opendkim[9749]: 0E7FA14D: error reading signing
> table
>
>
> There are two problems with this message appearing:
>
> a) The LDAP server it was talking to was never down ( I filed sourceforge
> bug#3524756 on this)

This is a request for TCP keepalive support. I've emailed you separately about it because I'll need more information from OpenLDAP to do so.

> and
>
> b) OpenDKIM failed to fail over to the other two LDAP servers
> configured in its pool:
> [...]
>
> Murray, is (b) the issue we were recently discussing recently?
>
> Is there a target release where LDAP failover will be working
> correctly?

I need to know what the problem is first. All of the URIs you provide are passed to ldap_initialize(), so I would presume the reconnection/fallback logic lives inside OpenLDAP itself. If it's not failing over correctly, I have to assume the problem is there, unless I'm supposed to tell OpenLDAP something I haven't told it yet.

Besides passing multiple URIs to ldap_initialize(), am I supposed to make other calls to OpenLDAP to arrange for automated failure recovery?

-MSK
Received on Tue May 08 2012 - 17:31:01 PST