RE: SigningTable and LDAP

From: Murray S. Kucherawy <>
Date: Tue, 8 May 2012 17:30:48 +0000

> -----Original Message-----
> From: Quanah Gibson-Mount []
> Sent: Tuesday, May 08, 2012 9:14 AM
> To: Murray S. Kucherawy;
> Subject: RE: SigningTable and LDAP
> Unfortunately, LDAP failover in OpenDKIM doesn't actually appear to work.
> This morning I got the following error in syslog:
> May 8 08:13:46 edge01-zcs opendkim[9749]: error looking up "" in database: Can't contact LDAP server
> May 8 08:13:46 edge01-zcs opendkim[9749]: 0E7FA14D: error reading signing table
> There are two problems with this message appearing:
> a) The LDAP server it was talking to was never down (I filed SourceForge
> bug #3524756 on this)

This is a request for TCP keepalive support. I've emailed you separately about it because I'll need more information from OpenLDAP to do so.

> and
> b) OpenDKIM failed to fail over to the other two LDAP servers
> configured in its pool:
> [...]
> Murray, is (b) the issue we were recently discussing?
> Is there a target release where LDAP failover will be working
> correctly?

I need to know what the problem is first. All of the URIs you provide are passed to ldap_initialize(), so I would presume the reconnection/fallback logic lives inside OpenLDAP itself. If it's not failing over correctly, I have to assume the problem is there, unless I'm supposed to tell OpenLDAP something I haven't told it yet.

Besides passing multiple URIs to ldap_initialize(), am I supposed to make other calls to OpenLDAP to arrange for automated failure recovery?
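A log check for the failure reported in this thread, added here as an example and not part of the original message or of OpenDKIM: it pairs each "error looking up" line with the "error reading signing table" line that follows from the same process, giving the queue IDs of jobs whose signing-table read failed and the LDAP reason. The sample lines, host name and addresses are constructed, modelled on the two syslog lines quoted above.

```python
import re

# Constructed sample syslog lines (not taken from a real system).
SAMPLE_LOG = """\
May  8 08:13:46 edge01 opendkim[9749]: error looking up "user@example.com" in database: Can't contact LDAP server
May  8 08:13:46 edge01 opendkim[9749]: 0E7FA14D: error reading signing table
May  8 08:13:52 edge01 opendkim[9749]: 1A2B3C4D: DKIM-Signature field added (s=sel, d=example.com)
May  8 08:14:10 edge01 opendkim[9749]: error looking up "other@example.com" in database: Can't contact LDAP server
May  8 08:14:10 edge01 opendkim[9749]: 5E6F7A8B: error reading signing table
"""

# Syslog prefix: timestamp, host, opendkim[pid], then the message text.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) opendkim\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# Database lookup failure (no queue ID on this line).
LOOKUP = re.compile(r'^error looking up "(?P<key>[^"]*)" in database: (?P<reason>.+)$')
# Per-job consequence: the signing table could not be read.
SIGNTABLE = re.compile(r"^(?P<job>[0-9A-Za-z]+): error reading signing table$")


def signing_table_failures(log_text):
    """Return one record per job whose signing-table read failed."""
    pending = {}   # (host, pid) -> (key, reason) of the latest lookup error
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        proc = (m["host"], m["pid"])
        lookup = LOOKUP.match(m["msg"])
        failed = SIGNTABLE.match(m["msg"])
        if lookup:
            pending[proc] = (lookup["key"], lookup["reason"])
        elif failed:
            # Attribute the job to the preceding lookup error, if any.
            key, reason = pending.pop(proc, (None, "unknown"))
            findings.append({"ts": m["ts"], "host": m["host"],
                             "job": failed["job"], "key": key, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in signing_table_failures(SAMPLE_LOG):
        print(f'{f["ts"]} {f["host"]} job={f["job"]} key={f["key"]} reason={f["reason"]}')
```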

