NetBSD-Users archive


Re: NSS, mail.local and unavailable LDAP



On 4/21/08, Emmanuel Dreyfus <manu%netbsd.org@localhost> wrote:
> Hello
>
>  There must be a simple way of fixing this, but I have not found it yet:
>
>  On a mail server, if accounts are stored in an LDAP directory, and if
>  the LDAP servers all go down, then mail.local will think the destination
>  accounts do not exist, and the mail server will start bouncing e-mails,
>  because recipients do not exist.
>
>  If the sender account is on the same server, then the DSN bounces back
>  to another nonexistent user, and it gets lost. This is not very
>  satisfying.
>
>  Of course, all the LDAP servers should not go down at the same time, but
>  that can happen. It would be nice if mail.local could just wait for LDAP
>  servers to become available again, retrying periodically, instead of
>  returning that the user does not exist.
>
>  How can this be achieved? nsswitch.conf does not allow retrying on the
>  same source, and neither does nss_ldap.conf.


Can you set the timelimit and/or bind_timelimit to unlimited (0 for
timelimit, I'm not sure for bind_timelimit) so that nss would,
basically, never return unless it could contact the ldap server?
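
The failure mode in this thread comes from treating "the directory could not be consulted" the same as "no such user". The C sketch below is an added example, not part of the thread and not mail.local's code: it keeps the two cases apart around `getpwnam_r()` and retries before giving up with `EX_TEMPFAIL`, which tells the MTA to queue the message instead of bouncing it. The names `classify_lookup` and `lookup_recipient`, the retry counts, and the assumption that the libc reports an unreachable NSS backend as a nonzero return from `getpwnam_r()` are all hypothetical.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <sysexits.h>
#include <unistd.h>

/* Map a getpwnam_r() outcome to a delivery-agent exit status.
 * Assumption: a backend outage surfaces as rc != 0. Any error is
 * treated as temporary so that an outage defers mail, never bounces it. */
int classify_lookup(int rc, const struct passwd *result)
{
    if (rc != 0)
        return EX_TEMPFAIL;   /* lookup itself failed: queue and retry */
    if (result == NULL)
        return EX_NOUSER;     /* lookup succeeded, user really is absent */
    return EX_OK;
}

/* Hypothetical helper: look up `name`, retrying while the backend fails. */
int lookup_recipient(const char *name, int max_tries, unsigned delay_s)
{
    struct passwd pw, *result;
    char buf[4096];
    int status = EX_TEMPFAIL;

    for (int i = 0; i < max_tries; i++) {
        result = NULL;
        int rc = getpwnam_r(name, &pw, buf, sizeof buf, &result);
        status = classify_lookup(rc, result);
        if (status != EX_TEMPFAIL)
            break;            /* definite answer, stop retrying */
        if (i + 1 < max_tries)
            sleep(delay_s);   /* wait for the directory to come back */
    }
    return status;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s user\n", argv[0]);
        return EX_USAGE;
    }
    /* Constructed policy: 5 tries, 2 seconds apart. */
    return lookup_recipient(argv[1], 5, 2);
}
```

Some libcs return `ENOENT` or `ESRCH` for a missing user; this sketch deliberately defers those too, so a genuinely unknown recipient is then bounced only when the MTA's queue lifetime expires.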

