Use DN lookup instead of DN template for LDAP auth
In our setup users require a specific LDAP group to login. We enforce this with an LDAP filter (user_filter). With DN template, authentication always succeeds for these users, as Dovecot only performs an LDAP BIND request. Successful auth followed by failed userdb lookup seems to trigger a bug in Dovecot that causes the handler processes to stay around indefinitely and fill up the process_limit. Using DN lookup with the LDAP filter set for both user_filter and pass_filter should cause the authentication to fail for these users and work around the bug.
Loading
Please register or sign in to comment