[ejabberd] openLDAP sometimes authentication fail
coolix at free.fr
Fri Jun 6 18:07:03 MSD 2008
I'm running ejabberd v2.0.0 with LDAP authentication. Sometimes (it
happens randomly) users are refused connection.
This is the XML message that is echoed to them:
<iq type='error' from='my.jabber.com' id='auth_2'>\n<query
I checked the LDAP log and saw ejabberd is using 2 connections to the
LDAP server. One for searching and the other one for binding.
If one of those connections is NOT established when the user tries to
log in, the authentication fails with the above-mentioned XML
If both are established, authentication works fine.
Isn't ejabberd supposed to send keepalive packets to avoid the LDAP timeout
being triggered? According to the LDAP logs it seems not:
Jun 06 00:03:51 <debug> slapd: conn=9 fd=12 ACCEPT from
Jun 06 00:03:51 <debug> slapd: conn=10 fd=13 ACCEPT from
Jun 06 00:03:51 <debug> slapd: conn=9 op=0 BIND dn="" method=128
Jun 06 00:03:51 <debug> slapd: conn=9 op=0 RESULT tag=97 err=0 text=
Jun 06 00:03:51 <debug> slapd: conn=10 op=0 BIND dn="" method=128
Jun 06 00:03:51 <debug> slapd: conn=10 op=0 RESULT tag=97 err=0 text=
Jun 06 00:04:36 <debug> slapd: conn=9 fd=12 closed
Jun 06 00:04:36 <debug> slapd: conn=10 fd=13 closed
Jun 06 00:04:41 <debug> slapd: conn=11 fd=12 ACCEPT from
Jun 06 00:04:41 <debug> slapd: conn=12 fd=13 ACCEPT from
and so on...
I'm not really keen to increase the openldap timeout to an infinite value.
I had a quick glance in the ejabberd source code and saw there is a
RETRY_TIMEOUT. It's currently set to 5000 and I will try to set it to
a lower value like 500. As I understand the problem, this will only
narrow the gap in which auth could potentially be refused, at the
expense of increased network traffic.
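
An added example, not part of the original post or of ejabberd: a small slapd log parser that reports the windows in which fewer than the two LDAP connections described above are open, which in the excerpt is the 5 seconds between 00:04:36 and 00:04:41. The sample log is constructed from the excerpt; the client address 192.0.2.10, the year, and the function names are assumptions.

```python
import re
from datetime import datetime

# Constructed sample modelled on the log excerpt in the post; the client
# address 192.0.2.10 is a placeholder, the post's own lines omit it.
SAMPLE_LOG = """\
Jun 06 00:03:51 <debug> slapd: conn=9 fd=12 ACCEPT from IP=192.0.2.10:40001 (IP=0.0.0.0:389)
Jun 06 00:03:51 <debug> slapd: conn=10 fd=13 ACCEPT from IP=192.0.2.10:40002 (IP=0.0.0.0:389)
Jun 06 00:03:51 <debug> slapd: conn=9 op=0 BIND dn="" method=128
Jun 06 00:04:36 <debug> slapd: conn=9 fd=12 closed
Jun 06 00:04:36 <debug> slapd: conn=10 fd=13 closed
Jun 06 00:04:41 <debug> slapd: conn=11 fd=12 ACCEPT from IP=192.0.2.10:40003 (IP=0.0.0.0:389)
Jun 06 00:04:41 <debug> slapd: conn=12 fd=13 ACCEPT from IP=192.0.2.10:40004 (IP=0.0.0.0:389)
"""

# Only connection open/close events matter here; BIND/RESULT lines are skipped.
EVENT = re.compile(
    r"^(\w{3} \d{2} \d{2}:\d{2}:\d{2}) .*slapd: conn=(\d+) fd=\d+ (ACCEPT|closed)"
)

def parse_events(text, year=2008):
    """Yield (timestamp, conn_id, kind) for ACCEPT/closed lines.
    syslog-style stamps carry no year, so one is assumed."""
    for line in text.splitlines():
        m = EVENT.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, int(m.group(2)), m.group(3)

def find_gaps(text, required=2):
    """Return (start, end, seconds) windows with fewer than `required`
    connections open, i.e. when a login attempt could be refused."""
    open_conns, gaps, gap_start = set(), [], None
    for ts, conn, kind in parse_events(text):
        if kind == "ACCEPT":
            open_conns.add(conn)
        else:
            open_conns.discard(conn)
        if len(open_conns) < required and gap_start is None:
            gap_start = ts                      # pool just dropped below quorum
        elif len(open_conns) >= required and gap_start is not None:
            if ts > gap_start:                  # ignore zero-length startup blips
                gaps.append((gap_start, ts, (ts - gap_start).total_seconds()))
            gap_start = None
    return gaps

if __name__ == "__main__":
    for start, end, secs in find_gaps(SAMPLE_LOG):
        print(f"{start:%H:%M:%S} -> {end:%H:%M:%S}: {secs:.0f}s without both connections")
```

Correlating these windows with the timestamps of failed logins in the ejabberd log would confirm or rule out the reconnect gap as the cause.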