I am not sure of the quarantine is a function of OpenLDAP or Cyrus SASL. But is it's behavior configurable? Too many times when AD is patched, all of our targets go into quarantine of will not attempt SASL until restarted. It would be more robust to wait 10 minutes and try again, then 20, 30, and hour, etc.. So it can recover gracefully. Is that possible how the solution stands now?
Thanks, Brad
