#364 LDAP_OPERATIONS_ERROR if ldap connection drops

closed
nobody
None
5
2007-02-11
2005-11-30
No

Hi,

with latest amavisd-new (amavisd-new-2.3.3) seems that
if the ldap
connection to the server drops (ie after being idle for
sometime)
amavisd is not able to reconnect, or to explain it
better, it
reconnects for for some reasons the query fails.
The only way to solve that is to restart amavisd.

here's my ldap connection params into amavisd.conf :
$enable_ldap = 1;
$default_ldap = {
hostname => 'ldap.mydomain.net',
tls => 0,
base => 'o=hosting,dc=mydomain,dc=net',
bind_dn => 'cn=phamm,o=hosting,dc=mydomaint,dc=net',
bind_password => 'blah',
query_filter => '(&(objectClass=amavisAccount)(mail=%m))'

};

and here's the logs from amavisd:
Nov 29 23:40:20 megarelay amavis[11979]: (11979-15)
query_keys:
mat...@mydomainmasqued.it, @mydomainmasqued.it,
@.mydomainmasqued.it,
@.it, @.
Nov 29 23:40:20 megarelay amavis[11979]: (11979-15)
lookup_ldap
"mat...@mydomainmasqued.it", query keys:
"mat...@mydomainmasqued.it",
"@mydomainmasqued.it", "@.mydomainmasqued.it", "@.it",
"@.", base:
o=hosting,dc=mydomain,dc=net, filter:
(&(objectClass=amavisAccount)(mail=%m))
Nov 29 23:40:20 megarelay amavis[11979]: (11979-15)
ldap begin_work
Nov 29 23:40:20 megarelay amavis[11979]: (11979-15)
lookup_ldap:
searching base="o=hosting,dc=mydomain,dc=net", scope="sub",
filter="(&(objectClass=amavisAccount)(|(mail=mat...@mydomainmasqued.it)(m...@mydomainm
\

asqued.it)(mail=@.mydomainmasqued.it)(mail=@.it)(mail=@.)))"
Nov 29 23:40:20 megarelay amavis[11979]: (11979-15)
NOTICE: do_search:
trying again: LDAP_OPERATIONS_ERROR
Nov 29 23:40:20 megarelay amavis[11979]: (11979-15)
disconnecting from
LDAP
Nov 29 23:40:20 megarelay amavis[11979]: (11979-15)
Connecting to LDAP
server
Nov 29 23:40:20 megarelay amavis[11979]: (11979-15)
connect_to_ldap:
trying ldap.mydomain.net
Nov 29 23:40:20 megarelay amavis[11979]: (11979-15)
connect_to_ldap:
connected to ldap.mydomain.net
Nov 29 23:40:20 megarelay amavis[11979]: (11979-15)
connect_to_ldap:
bind cn=phamm,o=hosting,dc=mydomain,dc=net succeeded
Nov 29 23:40:20 megarelay amavis[11979]: (11979-15)
lookup_ldap:
searching (again) base="o=hosting,dc=mydomain,dc=net",
scope="sub",
filter="(&(objectClass=amavisAccount)(|(mail=mat...@mydomainmasqued.it)(m...@mydomainm
\

asqued.it)(mail=@.mydomainmasqued.it)(mail=@.it)(mail=@.)))"
Nov 29 23:40:20 megarelay amavis[11980]: (11980-14)
disconnecting from
LDAP
Nov 29 23:40:20 megarelay amavis[11980]: (11980-14)
lookup_ldap:
do_search: failed again, at (eval 36) line 152, <DATA>
line 392.
Nov 29 23:40:20 megarelay amavis[11980]: (11980-14)
TROUBLE in
process_request: do_search: failed again, at (eval 36)
line 152,
<DATA> line 392. at (eval 36) line 433, <DATA> line 392.
Nov 29 23:40:20 megarelay amavis[11980]: (11980-14)
Requesting process
rundown after fatal error

now I'll try to check into the code why this fails...
but I'm not a
perl expert :)

Greetings, Matteo

Discussion

  • Logged In: YES
    user_id=621205

    I think I've found out the bug, there's a typo into
    do_search (which leads to be always in error, even if the
    recconection is ok) and a missing return if the retry result
    is available.
    Here's the small patch:

    --- /root/amavisd-new-2.3.3/amavisd 2005-08-22
    01:46:15.000000000 +0200
    +++ amavisd 2005-11-30 12:11:05.000000000 +0100
    @@ -10603,10 +10603,12 @@
    );
    if ($result->code) { die $result->error_name, "\n"; }
    };
    - if (@_ ne '') {
    + if ($@ ne '') {
    my($err) = $@; chomp $err;
    $self->disconnect_from_ldap;
    die "do_search: failed again, $err";
    + } else {
    + return $result;
    }
    }
    die "do_search: $err";

    Now I'm testing it and all seems ok.

    Matteo.

     
  • Lars Hecking
    Lars Hecking
    2007-02-11

    • status: open --> closed
     
  • Lars Hecking
    Lars Hecking
    2007-02-11

    Logged In: YES
    user_id=28904
    Originator: NO

    Use the amavis-user mailing list for amavisd-new support.